WiredWX Christian Hobby Weather Tools

Root Kit....Zero Access

4 posters

Re: Root Kit....Zero Access - Page 2

winmm.dll --a---- 189952 bytes [19:42 28/01/2011] [04:36 19/01/2008] EEFE4228157CE404F4A69DA90F288ECA
WINNLS.DLL --a---- 5120 bytes [07:10 02/11/2006] [07:10 02/11/2006] 37F4D55260E037EE9862D0AF93348755
winnsi.dll --a---- 14848 bytes [19:42 28/01/2011] [04:36 19/01/2008] 6B09105742C75DF80CEF21700F20F55A
winrnr.dll --a---- 19968 bytes [08:45 02/11/2006] [09:46 02/11/2006] FF78B8E67EDCE9FEED651D7858D77A04
winrscmd.dll --a---- 241152 bytes [08:04 26/02/2011] [21:56 09/10/2009] D1C18ACA47C53DA18FAD42C8FB9D6BE3
winrsmgr.dll --a---- 2048 bytes [08:06 26/02/2011] [21:56 09/10/2009] 3FA837E3C30334BA8CA5EEB2B375D50C
winrssrv.dll --a---- 10240 bytes [08:05 26/02/2011] [21:56 09/10/2009] 19CFA2BAEE7FA471786897A0113B52D9
WinSATAPI.dll --a---- 383488 bytes [19:42 28/01/2011] [04:36 19/01/2008] 3FCB7347D2DE38488C85A31EA7838A3C
WinSCard.dll --a---- 115200 bytes [19:42 28/01/2011] [04:36 19/01/2008] 6F12098823894C744F45D632CB45BD18
winshfhc.dll --a---- 8192 bytes [08:44 02/11/2006] [09:46 02/11/2006] 3D611073EA61C8370C5F126BDCDAB28E
WINSOCK.DLL --a---- 2864 bytes [07:10 02/11/2006] [07:10 02/11/2006] 68485C5EF0E2EFCEBF21BBB1042B823B
winsockhc.dll --a---- 48640 bytes [08:58 02/11/2006] [09:46 02/11/2006] D6533DD879F0A95F42CFE4450201B60D
WINSRPC.DLL --a---- 16896 bytes [19:42 28/01/2011] [04:36 19/01/2008] 01410489BE96973092492CE2FCB12833
winsrv.dll --a---- 375808 bytes [13:35 13/07/2011] [14:47 20/04/2011] F42F8855CB5C22E203C6672B124F17FD
winsta.dll --a---- 140800 bytes [19:42 28/01/2011] [04:36 19/01/2008] 4AAFC7461633848AA87A363B2CBEC522
wintrust.dll --a---- 171520 bytes [12:12 14/04/2010] [12:43 23/12/2009] 6E012DA20D59C3991751CA6E8C71EB06
winusb.dll --a---- 16384 bytes [19:42 28/01/2011] [04:36 19/01/2008] E5A905BDD0007868FB87007C13324479
wkssvc.dll --a---- 160256 bytes [01:52 29/08/2009] [12:12 10/06/2009] 2AE2E1628C5D3F1C0A46A67C9FA1DF15
wlanapi.dll --a---- 64512 bytes [15:09 13/09/2009] [07:36 19/01/2008] F28F5E62EEA67807AD4D4449F29BE2BD
wlancfg.dll --a---- 92160 bytes [19:42 28/01/2011] [04:36 19/01/2008] D8D98FF46419DD13C83F657FBF03B9A8
WLanConn.dll --a---- 628224 bytes [19:42 28/01/2011] [04:36 19/01/2008] 6D48C42BF2DC4225353B86F2E2B90CFA
wlandlg.dll --a---- 498688 bytes [19:41 28/01/2011] [04:36 19/01/2008] 46590FAE32B3A4DCDFCEA9996DDEF18D
wlangpui.dll --a---- 399360 bytes [19:41 28/01/2011] [04:36 19/01/2008] 0E0CB123DF7E39A6EDF562E2270265E9
WLanHC.dll --a---- 120832 bytes [19:41 28/01/2011] [04:36 19/01/2008] 420725F9BA3C008446D3849E0099B34D
wlanhlp.dll --a---- 68096 bytes [15:09 13/09/2009] [07:36 19/01/2008] 4B8BE68C1F19509BC62E6A2846D429C1
wlaninst.dll --a---- 14848 bytes [08:55 02/11/2006] [09:46 02/11/2006] C7FCB0BE2F96883D4E520E89C1E65851
WlanMM.dll --a---- 913408 bytes [19:41 28/01/2011] [04:36 19/01/2008] 63E3520ADC155653CB86E5FC37EB32DD
WlanMmHC.dll --a---- 41472 bytes [19:41 28/01/2011] [04:36 19/01/2008] 409CAF2DEE948DFF5ECB8ACC1EA7ABAC
wlanmsm.dll --a---- 293376 bytes [15:09 13/09/2009] [19:32 11/07/2009] ABE9DEC1E78226F70F5A6D18F701AFF2
wlanpref.dll --a---- 1671680 bytes [19:41 28/01/2011] [04:36 19/01/2008] CFB1737C17BA3172D490F26A4CD17781
wlansec.dll --a---- 302592 bytes [15:09 13/09/2009] [19:32 11/07/2009] 2938E3B155C2647137A1910F534E66BE
wlansvc.dll --a---- 513024 bytes [15:09 13/09/2009] [19:32 11/07/2009] 275F4346E569DF56CFB95243BD6F6FF0
wlanui.dll --a---- 202752 bytes [19:41 28/01/2011] [04:36 19/01/2008] FDE26DC12682D5D5F7A6A84EC82936DA
wlanutil.dll --a---- 8192 bytes [08:55 02/11/2006] [09:46 02/11/2006] EB2170D0DDF3B2A92506AE16BC524B0B
Wldap32.dll --a---- 289280 bytes [19:41 28/01/2011] [04:36 19/01/2008] 44638B7584A362E7B50B1EDD859FACAD
wlgpclnt.dll --a---- 83456 bytes [19:41 28/01/2011] [04:36 19/01/2008] 0636D4FE43C198C289F37BE4083204D0
WlS0WndH.dll --a---- 8192 bytes [08:44 02/11/2006] [09:46 02/11/2006] 92283D9E33EC5F41ECC0B430B7459241
WMADMOD.DLL --a---- 758784 bytes [19:41 28/01/2011] [04:36 19/01/2008] 0ABCCD4A0BD110B49B1523FF9C0F1A53
WMADMOE.DLL --a---- 1118720 bytes [19:41 28/01/2011] [04:36 19/01/2008] 6C4D28E993A5885DAC7C63E1F30FCA4E
WMALFXGFXDSP.dll --a---- 1312256 bytes [19:41 28/01/2011] [04:37 19/01/2008] 0727200F10320A6BA7E59433094FBBA7
WMASF.DLL --a---- 223232 bytes [19:41 28/01/2011] [04:37 19/01/2008] 36CCD8A79539C4ACE3BABE09C2CFBA16
wmdmlog.dll --a---- 31744 bytes [12:35 02/11/2006] [12:35 02/11/2006] 10F1107338B2DDDFFCE33EBAC630901D
wmdmps.dll --a---- 36864 bytes [12:35 02/11/2006] [12:35 02/11/2006] 9F1FAC04A274ADF9F65F9E1B851BDB1E
wmdrmdev.dll --a---- 418304 bytes [19:41 28/01/2011] [04:37 19/01/2008] F1ECEC53B9FFC30E123D14E087C49111
wmdrmnet.dll --a---- 347648 bytes [19:41 28/01/2011] [04:37 19/01/2008] D571295B71C60A67F6F2EA987E5CC3B0
wmdrmsdk.dll --a---- 533504 bytes [19:41 28/01/2011] [04:37 19/01/2008] C05605F34B72E17F99175B335491E190
wmerror.dll --a---- 2048 bytes [12:35 02/11/2006] [12:35 02/11/2006] D35B934A5101034057C71FB80B6FA6C3
wmi.dll --a---- 5120 bytes [09:16 02/11/2006] [09:44 02/11/2006] BFE74095684093F14D24801C8C0D16E3
wmicmiplugin.dll --a---- 345088 bytes [21:20 29/01/2011] [11:10 06/11/2010] B8F5F3C5D15D62943414AA6BF5E7B781
wmidx.dll --a---- 154624 bytes [19:41 28/01/2011] [04:37 19/01/2008] 1A85426DD61606F318CAB5D4C96749D7
wmiprop.dll --a---- 23040 bytes [19:41 28/01/2011] [04:37 19/01/2008] 1210E91D16E67065CBF5B164D99A36EC
WMNetMgr.dll --a---- 996352 bytes [20:55 21/02/2009] [01:59 23/06/2008] AAAEC76D0A5FD68FA625BCFE41DEAC82
wmp.dll --a---- 10626560 bytes [21:22 29/01/2011] [18:18 10/09/2010] 801027F97983D22AB6F177C658F70C02
wmpcm.dll --a---- 22016 bytes [19:41 28/01/2011] [04:37 19/01/2008] 00FF632D7E614BDABAFDF4DA44E72A75
wmpdxm.dll --a---- 313344 bytes [01:51 29/08/2009] [13:00 14/07/2009] 914776E7D5DD07AAA6F228BB36BD6D2E
wmpeffects.dll --a---- 303616 bytes [03:16 13/09/2008] [03:29 26/06/2008] 6BAE5BBABA7DB190EDB51C946C0F7351
WMPEncEn.dll --a---- 1642496 bytes [19:41 28/01/2011] [04:37 19/01/2008] D150E03EE910DCE326EE21BCF430CBA0
WMPhoto.dll --a---- 276992 bytes [19:41 28/01/2011] [04:37 19/01/2008] 93EDDF0105F0E6D9170F0F06594F5A2E
wmploc.DLL --a---- 8147456 bytes [21:22 29/01/2011] [16:37 10/09/2010] 0C47181269A2E16AEDD0FF4B6DBCFBA9
wmpmde.dll --a---- 866816 bytes [21:20 29/01/2011] [15:21 20/08/2010] 6544320E7BABB601E9D95A1FEFE7FC49
wmpps.dll --a---- 131072 bytes [12:35 02/11/2006] [12:35 02/11/2006] 617F9A5813E69F6E9ED94B811EC75396
wmpshell.dll --a---- 101376 bytes [19:41 28/01/2011] [04:37 19/01/2008] 0143E15F94FD523C588EDD47609F905F
wmpsrcwp.dll --a---- 184320 bytes [19:41 28/01/2011] [04:37 19/01/2008] D9FE5A3637ED2FB8659735B6D89681B4
wmsgapi.dll --a---- 10752 bytes [08:44 02/11/2006] [09:46 02/11/2006] F0321DA5203F1E71917F3B7A13DC4912
WMSPDMOD.DLL --a---- 604672 bytes [03:00 16/10/2009] [12:37 02/04/2009] 43A448FE59022D77A2535A6FC2D825B9
WMSPDMOE.DLL --a---- 1329152 bytes [19:41 28/01/2011] [04:37 19/01/2008] FD5A586242139DA8277963ED6C3EEA9E
WMVCORE.DLL --a---- 2386944 bytes [15:07 13/09/2009] [12:11 10/06/2009] 92D6ECFBCAACD81F33FF2ED748A50C2A
WMVDECOD.DLL --a---- 1548288 bytes [19:41 28/01/2011] [04:37 19/01/2008] 4C89D745968897ED3DA855834CABC73B
wmvdspa.dll --a---- 153600 bytes [19:41 28/01/2011] [04:37 19/01/2008] 71DC4E0D713D113A260A83646EA7E8F9
WMVENCOD.DLL --a---- 1575424 bytes [19:41 28/01/2011] [04:37 19/01/2008] 7DCE1C9C5A0587A3A8C6D0F855B13D2C
WMVSDECD.DLL --a---- 1382912 bytes [19:41 28/01/2011] [04:37 19/01/2008] 6B7D14E296E0C5E23EC1F5D6F1DDBF61
WMVSENCD.DLL --a---- 767488 bytes [19:41 28/01/2011] [04:37 19/01/2008] E6B2D16067C5EFFC8A50958B91C0E8B2
WMVXENCD.DLL --a---- 657408 bytes [19:41 28/01/2011] [04:37 19/01/2008] 3E21A5DEBB236BCF591058AC99875851
wow32.dll --a---- 273920 bytes [19:41 28/01/2011] [04:37 19/01/2008] 5DD74D2DDADDC3B4366AF7C52F9B5CFF
Wpc.dll --a---- 296960 bytes [19:41 28/01/2011] [04:37 19/01/2008] A9662BCF218BC76869A8D91635D5F93A
wpcao.dll --a---- 532992 bytes [19:41 28/01/2011] [04:37 19/01/2008] 71A69423264EF646B8437E1F40B43666
wpccpl.dll --a---- 1580544 bytes [19:41 28/01/2011] [04:37 19/01/2008] 2CCE6A45391E4B67EED1B712693DBD4F
wpclsp.dll --a---- 72192 bytes [19:41 28/01/2011] [04:37 19/01/2008] DD1D685D387A8AC666BA3B7539C774E8
wpcsvc.dll --a---- 140288 bytes [19:41 28/01/2011] [04:37 19/01/2008] 5D94CD167751294962BA238D82DD1BB8
wpdbusenum.dll --a---- 70144 bytes [19:41 28/01/2011] [04:37 19/01/2008] 396D406292B0CD26E3504FFE82784702
WpdConns.dll --a---- 33280 bytes [19:41 28/01/2011] [04:37 19/01/2008] F9149F00D3DCD47C11B842A2B42E1E36
WpdMtp.dll --a---- 151552 bytes [10:25 02/11/2006] [09:46 02/11/2006] 0290A9782395937F41D80A1D56A1DE91
WpdMtpUS.dll --a---- 60928 bytes [19:41 28/01/2011] [04:37 19/01/2008] 872ABDB47733CFA919F4CB5009E8BE25
wpdshext.dll --a---- 2537472 bytes [19:41 28/01/2011] [04:37 19/01/2008] 689C2A3B8C6CBC64E6959C7C858B742C
WPDShServiceObj.dll --a---- 131584 bytes [19:41 28/01/2011] [04:37 19/01/2008] A216F1C708CA4CBB7E1EB096C3A7EC5F
WPDSp.dll --a---- 349184 bytes [19:41 28/01/2011] [04:37 19/01/2008] F9A1336E8AAB8B90E86C43C292B38D72
wpdwcn.dll --a---- 203776 bytes [19:41 28/01/2011] [04:37 19/01/2008] CCFF5EF17E0139D832BBCE449086BDD9
wpd_ci.dll --a---- 613888 bytes [19:41 28/01/2011] [04:37 19/01/2008] 766D7BA4A77149A25CDABE1B484BE8DB
ws2help.dll --a---- 4608 bytes [08:58 02/11/2006] [09:44 02/11/2006] 17C0671BF57057108A6D949510EE42C8
ws2_32.dll --a---- 179200 bytes [19:41 28/01/2011] [04:37 19/01/2008] B304D47D5744BA20FCB99FB8B2C07B0B
wscapi.dll --a---- 33792 bytes [19:41 28/01/2011] [04:37 19/01/2008] F297A62208FEE458552EB7FBD2444012
wscisvif.dll --a---- 17408 bytes [19:41 28/01/2011] [04:37 19/01/2008] D02675B1C7F1EE276248C7EE039F1D63
wscmisetup.dll --a---- 56320 bytes [19:41 28/01/2011] [04:37 19/01/2008] D8C268C29655FB27F9FBE2F79662D531
wscntfy.dll --a---- 224768 bytes [19:41 28/01/2011] [04:37 19/01/2008] C6061829D943C9579BD620464ACEFE1F
wscproxystub.dll --a---- 9728 bytes [19:41 28/01/2011] [04:37 19/01/2008] FE3702015BE4D214808A2FBC07B8E5FF
wscsvc.dll --a---- 61440 bytes [19:41 28/01/2011] [04:37 19/01/2008] 683DD16B590372F2C9661D277F35E49C
WSDApi.dll --a---- 351232 bytes [16:58 15/11/2009] [13:05 10/08/2009] D7F8D560FF816126F4DB520D1BDC3281
wsdchngr.dll --a---- 20992 bytes [09:16 02/11/2006] [09:46 02/11/2006] CCAF246004F719F858E841A2BA12C308
WSDMon.dll --a---- 177664 bytes [19:41 28/01/2011] [04:37 19/01/2008] 47C4359FA1E1460F16CEBD1A2BCA73BE
wsecedit.dll --a---- 1295360 bytes [19:41 28/01/2011] [04:37 19/01/2008] 210FFD034BDB5108B55B6EC23CD4CE6E
wsepno.dll --a---- 29184 bytes [08:50 30/01/2011] [05:18 27/05/2008] 41A100BD1E2D6A4BE838CB97C833A024
wshbth.dll --a---- 34304 bytes [08:55 02/11/2006] [09:46 02/11/2006] 4431834E287DE5AE715D964215014048
wshcon.dll --a---- 36864 bytes [19:41 28/01/2011] [04:37 19/01/2008] B4C7D1C851E3DB5CA9D10386403A186D
wshelper.dll --a---- 14336 bytes [08:58 02/11/2006] [09:46 02/11/2006] 20614C9F12A3A09A5015C9EBBD4419D2
wshext.dll --a---- 90112 bytes [21:18 29/01/2011] [21:59 08/05/2008] F825B8CEC8523C7542C2E397D31DB292
wship6.dll --a---- 9216 bytes [19:41 28/01/2011] [04:37 19/01/2008] 9E80FF0752E365F97FD2D1D68C2AFDA1
wshirda.dll --a---- 10752 bytes [08:57 02/11/2006] [09:46 02/11/2006] E9D1EF681E0F3B95C9B5FD648FA95371
wshnetbs.dll --a---- 11264 bytes [08:57 02/11/2006] [09:46 02/11/2006] DCB19845AAB3C0C958DF4340B36586DF
wshqos.dll --a---- 13824 bytes [08:57 02/11/2006] [09:46 02/11/2006] 05C3B38DB95BA5585817A4F898EE5581
wshrm.dll --a---- 14848 bytes [08:57 02/11/2006] [09:46 02/11/2006] 0BBA784F01BF8F78FF8237C598A9CE53
WSHTCPIP.DLL --a---- 9216 bytes [19:41 28/01/2011] [04:37 19/01/2008] 22CFAEB9172F5F198048401485CD0571
WSManMigrationPlugin.dll --a---- 252416 bytes [08:04 26/02/2011] [21:55 09/10/2009] 6B57C7A878B176E6D95200CEF19DDEEC
WsmAuto.dll --a---- 145408 bytes [08:04 26/02/2011] [21:56 09/10/2009] DE21E8012F3946A647C9B38A636EE9EC
wsmplpxy.dll --a---- 10240 bytes [08:05 26/02/2011] [21:56 09/10/2009] D80AAE1CDAFAC1E0ADEDC7D312EF61D0
WsmRes.dll --a---- 54272 bytes [08:05 26/02/2011] [21:55 09/10/2009] 1311171CF8F6D2954441EF2A42693035
WsmSvc.dll --a---- 1181696 bytes [08:04 26/02/2011] [21:56 09/10/2009] 7CFE68BDC065E55AA5E8421607037511
WsmWmiPl.dll --a---- 214016 bytes [08:04 26/02/2011] [21:56 09/10/2009] 148DB2E11E0A44FEB053250303BA02DD
wsnmp32.dll --a---- 50688 bytes [19:41 28/01/2011] [04:37 19/01/2008] 1367EF1C1BA82E4A559FEDA1F0D8383C
wsock32.dll --a---- 15360 bytes [19:41 28/01/2011] [04:37 19/01/2008] E582816A4855914DEFFC212E12B3B744
wtsapi32.dll --a---- 26624 bytes [19:41 28/01/2011] [04:37 19/01/2008] F42483814FC39170B3982A184EC5AAA2
wuapi.dll --a---- 575704 bytes [16:32 15/11/2009] [02:23 07/08/2009] 009758CC06B7F55B4A4D16A66E243C24
wuaueng.dll --a---- 1929952 bytes [16:33 15/11/2009] [02:23 07/08/2009] 6298277B73C77FA99106B271A7525163
wucltux.dll --a---- 2421760 bytes [16:33 15/11/2009] [01:45 07/08/2009] 5B56A7A5AE0C118CF6413A6E99170BF8
WUDFCoinstaller.dll --a---- 87552 bytes [19:41 28/01/2011] [04:37 19/01/2008] C5537911533608EB6FF2FEBC028B0B57
WUDFPlatform.dll --a---- 181248 bytes [19:41 28/01/2011] [04:37 19/01/2008] 399BB52AD0668472717498E97CF28341
WUDFSvc.dll --a---- 55296 bytes [19:41 28/01/2011] [04:37 19/01/2008] 575A4190D989F64732119E4114045A4F
WUDFx.dll --a---- 305152 bytes [19:41 28/01/2011] [04:37 19/01/2008] 4B72B5B342ADA4DE8DEEA39CCE465B58
wudriver.dll --a---- 87552 bytes [16:32 15/11/2009] [01:44 07/08/2009] 6022D8D461C04593BD87DFAA9444D797
wups.dll --a---- 35552 bytes [16:32 15/11/2009] [02:24 07/08/2009] 1D326842006C4BE77ECD848CF89F01AB
wups2.dll --a---- 44768 bytes [16:33 15/11/2009] [02:24 07/08/2009] 5BD1234E11B39C63BBA87022AF6D43C2
wuwebv.dll --a---- 171608 bytes [16:31 15/11/2009] [00:23 07/08/2009] BE2DE642AA0D55CB644D87C97A2C01AE
wvc.dll --a---- 456704 bytes [19:41 28/01/2011] [04:37 19/01/2008] 0C623EE72C9B28BF6AF81DB08C5B6CB7
wzcdlg.dll --a---- 70144 bytes [19:41 28/01/2011] [04:37 19/01/2008] 35CB76C87FFEC62CA59ACDC94FA8845D
xactsrv.dll --a---- 95232 bytes [19:41 28/01/2011] [04:37 19/01/2008] CC8DE25AD6CBA4416BA9E309CC3C1DD2
XInput9_1_0.dll --a---- 26112 bytes [12:34 02/11/2006] [12:34 02/11/2006] 1105F267E9A50528EBC88A000652F2A3
xmlfilter.dll --a---- 56320 bytes [08:50 30/01/2011] [05:18 27/05/2008] 439F040603EC7E07ED47C1C37FEC4FCE
xmllite.dll --a---- 183296 bytes [19:41 28/01/2011] [04:37 19/01/2008] 84ABB260A81130D39126EF79F2624E15
xmlprovi.dll --a---- 16384 bytes [19:41 28/01/2011] [04:37 19/01/2008] EE62862E6CA53940951CA2B9AA1456C6
xolehlp.dll --a---- 38912 bytes [14:57 07/06/2009] [03:27 06/06/2008] 81269DEBF9341E7E402A0373ECC288E2
XPSSHHDR.dll --a---- 574976 bytes [19:41 28/01/2011] [04:37 19/01/2008] 4A149599A7336DF7ED588761F4A8CFA8
xpssvcs.dll --a---- 1675264 bytes [19:41 28/01/2011] [04:37 19/01/2008] 3F729AE2C1900E0FF2514BD095D426D1
xwizards.dll --a---- 296448 bytes [19:41 28/01/2011] [04:37 19/01/2008] 4EC8572B3E74DB47F45A1BC9750950EF
xwreg.dll --a---- 79360 bytes [08:55 02/11/2006] [09:46 02/11/2006] 3A8474F34B1380F7CA426FFAC0F923F8
xwtpw32.dll --a---- 95744 bytes [19:41 28/01/2011] [04:37 19/01/2008] D1B995DD331CC987CF5AF255DFC4D417
zipfldr.dll --a---- 342016 bytes [19:41 28/01/2011] [04:37 19/01/2008] F41857E440A9DF3FD5A543C8B2A53048

---Folders---
0409 d------ [12:42 02/11/2006]
AdvancedInstallers d------ [11:18 02/11/2006]
ar-SA d------ [11:18 02/11/2006]
bg-BG d------ [11:18 02/11/2006]
Boot d------ [11:18 02/11/2006]
Branding d------ [12:42 02/11/2006]
catroot d------ [11:18 02/11/2006]
catroot2 d------ [11:18 02/11/2006]
CodeIntegrity d------ [11:18 02/11/2006]
com d------ [11:18 02/11/2006]
config d------ [11:18 02/11/2006]
cs-CZ d------ [11:18 02/11/2006]
da-DK d------ [11:18 02/11/2006]
de-DE d------ [11:18 02/11/2006]
drivers d------ [11:18 02/11/2006]
DriverStore d------ [11:18 02/11/2006]
el-GR d------ [11:18 02/11/2006]
en d------ [12:42 02/11/2006]
en-US d------ [11:18 02/11/2006]
es-ES d------ [11:18 02/11/2006]
et-EE d------ [11:18 02/11/2006]
fi-FI d------ [11:18 02/11/2006]
fr-FR d------ [11:18 02/11/2006]
GroupPolicy d------ [11:18 02/11/2006]
GroupPolicyUsers d------ [11:18 02/11/2006]
he-IL d------ [11:18 02/11/2006]
hr-HR d------ [11:18 02/11/2006]
hu-HU d------ [11:18 02/11/2006]
ias d------ [11:18 02/11/2006]
icsxml d------ [11:18 02/11/2006]
IME d------ [11:18 02/11/2006]
inetsrv d------ [11:18 02/11/2006]
it-IT d------ [11:18 02/11/2006]
ja-JP d------ [11:18 02/11/2006]
ko-KR d------ [11:18 02/11/2006]
Lang d------ [21:27 11/12/2007]
licensing d------ [11:18 02/11/2006]
LogFiles d------ [11:18 02/11/2006]
lt-LT d------ [11:18 02/11/2006]
lv-LV d------ [11:18 02/11/2006]
Macromed d------ [23:13 06/11/2007]
manifeststore d------ [11:18 02/11/2006]
Microsoft d---s-- [12:47 02/11/2006]
migration d------ [11:18 02/11/2006]
migwiz d------ [11:18 02/11/2006]
Msdtc d------ [11:18 02/11/2006]
MUI d------ [11:18 02/11/2006]
nb-NO d------ [11:18 02/11/2006]
NDF d------ [11:18 02/11/2006]
networklist d------ [11:18 02/11/2006]
nl-NL d------ [11:18 02/11/2006]
oobe d-a---- [11:18 02/11/2006]
pl-PL d------ [11:18 02/11/2006]
Printing_Admin_Scripts d------ [12:42 02/11/2006]
pt-BR d------ [11:18 02/11/2006]
pt-PT d------ [11:18 02/11/2006]
ras d------ [11:18 02/11/2006]
RemInst d------ [11:18 02/11/2006]
restore d------ [12:37 02/11/2006]
ro-RO d------ [11:18 02/11/2006]
RTCOM d------ [22:28 06/11/2007]
ru-RU d------ [11:18 02/11/2006]
SDA d------ [22:50 06/11/2007]
setup d------ [11:18 02/11/2006]
sk-SK d------ [11:18 02/11/2006]
sl-SI d------ [11:18 02/11/2006]
slmgr d------ [12:42 02/11/2006]
SLUI d------ [11:18 02/11/2006]
SMI d------ [11:18 02/11/2006]
Speech d------ [11:18 02/11/2006]
spool d------ [11:18 02/11/2006]
sr-Latn-CS d------ [11:18 02/11/2006]
sv-SE d------ [11:18 02/11/2006]
sysprep d-a---- [11:18 02/11/2006]
Tasks d------ [11:18 02/11/2006]
th-TH d------ [11:18 02/11/2006]
tr-TR d------ [11:18 02/11/2006]
uk-UA d------ [11:18 02/11/2006]
wbem d------ [11:18 02/11/2006]
WCN d------ [12:42 02/11/2006]
WDI d------ [11:18 02/11/2006]
wfp d------ [11:18 02/11/2006]
WindowsPowerShell d------ [08:11 26/02/2011]
winevt d------ [11:18 02/11/2006]
winrm d------ [12:42 02/11/2006]
XPSViewer d------ [12:37 02/11/2006]
zh-CN d------ [11:18 02/11/2006]
zh-HK d------ [11:18 02/11/2006]
zh-TW d------ [11:18 02/11/2006]

-= EOF =-

Re: Root Kit....Zero Access
This is what I needed.

Just to confirm: you ran systemlook from a boot disk, right?
If you ran it booting normally from your infected computer, this report will be useless.

Re: Root Kit....Zero Access
Ok, I have found a suspect.

Let's hope we are lucky here. First we need to isolate the file.
Boot from your precious boot CD.

Find this file:
c:\windows\system32\drivers\vgapnp.sys

Make a copy of it, for example copy it to your root (C:\vgapnp.sys), but making a copy in the same directory is also fine. Copying it to a USB drive is also fine.

Submit the file you copied for analysis to www.virustotal.com. A report will follow. Please copy the URL of that report into your next reply (will look something like http://www.virustotal.com/analisis/fgye76t5ytuarfy7n7837q3uq3)

Cross fingers

Re: Root Kit....Zero Access

Is this what you're looking for?

https://www.virustotal.com/file/06c06ef87f7dc668d23b50aa5f419f62474acf90e325e167491bf290286d6594/analysis/1338724783/

It said it analyzed the file in the past, and this is it here:

https://www.virustotal.com/file/06c06ef87f7dc668d23b50aa5f419f62474acf90e325e167491bf290286d6594/analysis/

This is all very confusing.....hahahaha

Re: Root Kit....Zero Access

So that's not our culprit.

*sigh*

We're going to need a break, because I am running out of ideas.

  • Boot your system with the OTLPE boot disk.
  • Find the OTLPE icon and double click it to run OTLPE
  • Answer Yes and OK to all prompts
  • Ensure the option Automatically Load All Remaining Users is checked
  • OTL should now start. Set the option Drivers to Non-Microsoft
  • Copy and paste the following text into the Custom Scans/Fixes field:
    %APPDATA%\Microsoft\*.*
    %systemroot%\system32\config\systemprofile\*.dat /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\winn32\*.*
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\TinyProxy.
    %systemroot%\system32\*.* /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.* /lockedfiles
    %PROGRAMFILES%\*.
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs

  • Click Run Scan to start the scan
  • When finished, a log file C:\OTL.txt will be created
  • Please post the contents of the file in your next reply


Re: Root Kit....Zero Access

Okay, I have tried 3 times after I booted up.

It completes the scan, but it will not give me a log. Nowhere, not on C:, it just says scan complete.

So I try and run under regular start up, and once again it stops at Firefox settings, and will not complete the scan.

This stinks, and thanks for your help thus far.

Re: Root Kit....Zero Access

Yes it stinks. My tools are usually loyal to me and they all fail to be very helpful.

We try one more offline tool and see what that brings. After that I think we're going to try an AV rescue disk and do a dumb scan.

Please download the Recovery Scan Tool by Farbar from here and save it to the root of your hard disk (C:\FRST.exe).
  • Boot with the OTLPE boot disk
  • Browse to c:\FRST.exe and run it.
  • Run the scan without changing any of the options
  • A log will be created (FRST.txt), please post that here.


EDIT:
Also in OTLPE boot mode, run systemlook.exe and copy the following script:

:filefind
services.exe


Click Look and post the systemlook.txt back here.

Re: Root Kit....Zero Access

Okay, got the FRST log, but the systemlook didn't do much when I added the script.

Here is FRST:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 03-06-2012
Ran by SYSTEM at 04-06-2012 13:05:50
Running from C:\Users\JonEJet\Downloads
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2007-09-20] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [129560 2007-09-20] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-15] (Synaptics, Inc.)
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [1862144 2007-11-06] (Google)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [413696 2009-05-26] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [198160 2010-02-01] (RealNetworks, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKU\Default\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-05-18] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2007-05-18] (TOSHIBA)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
Startup: C:\Users\JonEJet\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\JonEJet\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> (No File)

================================ Services (Whitelisted) ==================

2 AgereModemAudio; C:\Windows\system32\agrsmsvc.exe [9216 2006-10-05] (Agere Systems)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
2 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-15] (TOSHIBA CORPORATION)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-19] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [181784 2007-09-24] (WildTangent, Inc.)
3 GoogleDesktopManager; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [1862144 2007-11-06] (Google)
2 gupdate1caa3b3b7341e00; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [133104 2010-02-01] (Google Inc.)
2 lxdu_device; C:\Windows\system32\lxducoms.exe -service [589824 2010-10-14] ( )
3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe [129976 2012-04-20] (Mozilla Foundation)
2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
2 TNaviSrv; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-09-19] (TOSHIBA Corporation)
2 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation)
2 TosCoSrv; "C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe" [427576 2007-03-29] (TOSHIBA Corporation)
2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [125048 2007-02-26] (TOSHIBA CORPORATION)
2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.)
2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [x]
2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [x]

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [20696 2012-03-06] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57688 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [35672 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [612184 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337880 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53848 2012-03-06] (AVAST Software)
4 KR10I; C:\Windows\System32\drivers\kr10i.sys [219264 2006-11-09] (TOSHIBA CORPORATION)
4 KR10N; C:\Windows\System32\drivers\kr10n.sys [211072 2006-11-09] (TOSHIBA CORPORATION)
4 KR3NPXP; C:\Windows\System32\drivers\kr3npxp.sys [479488 2006-09-27] (TOSHIBA CORPORATION)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-06-03] (Malwarebytes Corporation)
4 Processor; C:\Windows\System32\drivers\processr.sys [38400 2006-11-02] (Microsoft Corporation)
0 ACPI; system32\drivers\acpi.sys [x]
3 AgereSoftModem; system32\DRIVERS\AGRSM.sys [x]
3 AsyncMac; system32\DRIVERS\asyncmac.sys [x]
0 atapi; system32\drivers\atapi.sys [x]
2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-04 12:53 - 2012-06-04 12:56 - 0000000 ____D C:\FRST
2012-06-04 11:32 - 2012-06-04 11:34 - 0000821 ____A C:\Users\JonEJet\Documents\directionsIII.txt
2012-06-04 11:30 - 2012-06-04 11:30 - 0868860 ____A C:\Users\JonEJet\Downloads\FSRT.exe
2012-06-03 12:29 - 2012-06-01 10:16 - 0595968 ____A (OldTimer Tools) C:\Users\JonEJet\Documents\OTL.exe
2012-06-03 12:24 - 2012-06-03 12:24 - 0001528 ____A C:\Users\JonEJet\Documents\directionsII.txt
2012-06-03 12:16 - 2012-06-03 12:16 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-03 07:30 - 2012-06-03 07:30 - 0000771 ____A C:\Users\JonEJet\Documents\directions.txt
2012-06-03 07:27 - 2012-06-03 07:28 - 0000771 ____A C:\Users\JonEJet\Desktop\directions.txt
2012-06-02 23:46 - 2012-06-03 16:19 - 2137415680 __ASH C:\hiberfil.sys
2012-06-02 23:39 - 2012-06-02 23:39 - 0432370 ____A C:\Users\JonEJet\Desktop\SystemLook.txt
2012-06-02 20:39 - 2012-06-02 21:11 - 0432368 ____A C:\Users\JonEJet\Downloads\SystemLook.txt
2012-06-02 14:55 - 2012-06-02 14:55 - 98077435 ____A (Igor Pavlov) C:\Users\JonEJet\Desktop\OTLPEStd.exe
2012-06-01 12:59 - 2012-06-01 12:59 - 0000000 ____D C:\Users\JonEJet\AppData\Local\Seven Zip
2012-06-01 12:26 - 2012-06-01 12:26 - 16339280 ____A (Mozilla) C:\Users\JonEJet\Desktop\Firefox Setup 12.0.exe
2012-06-01 12:24 - 2012-06-01 12:27 - 0000857 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-01 10:16 - 2012-06-01 10:16 - 0595968 ____A (OldTimer Tools) C:\Users\JonEJet\Desktop\OTL.exe
2012-06-01 10:02 - 2012-06-01 10:03 - 0139264 ____A C:\Users\JonEJet\Downloads\SystemLook.exe
2012-05-31 21:23 - 2012-05-31 21:23 - 0000000 ____A C:\temp.txt
2012-05-31 21:01 - 2012-05-31 21:01 - 0000000 ____D C:\Program Files\Amazon
2012-05-31 21:00 - 2012-06-01 11:45 - 0000000 ____D C:\Program Files\Amazon Browser Bar
2012-05-31 21:00 - 2012-05-31 21:00 - 0090624 ____A C:\Users\Public\AlexaNSISPlugin.5340.dll
2012-05-31 11:30 - 2012-05-31 11:31 - 0116094 ____A C:\TDSSKiller.2.7.38.0_31.05.2012_11.30.13_log.txt
2012-05-31 10:23 - 2012-05-31 10:23 - 0000000 ____D C:\Users\JonEJet\Documents\OneNote Notebooks
2012-05-31 10:01 - 2012-06-01 12:27 - 0000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-05-31 09:41 - 2012-05-31 09:41 - 0607260 ____R (Swearware) C:\Users\JonEJet\Desktop\dds.scr
2012-05-31 09:34 - 2012-05-31 09:34 - 0302592 ____A C:\Users\JonEJet\Desktop\gmer.exe
2012-05-31 09:27 - 2012-05-31 09:27 - 0201728 ____A (OldTimer Tools) C:\Users\JonEJet\Desktop\OTC.exe
2012-05-31 09:18 - 2012-05-31 09:18 - 0000000 ____A C:\Windows\System32\sho5BF7.tmp
2012-05-30 17:53 - 2012-05-30 17:53 - 0138120 ____A (ESET) C:\Users\JonEJet\Desktop\ESETSirefefRemover.exe
2012-05-30 17:52 - 2012-05-30 17:52 - 0154916 ____A C:\Users\JonEJet\gmer.txt
2012-05-30 17:52 - 2012-05-30 17:52 - 0000495 ____A C:\Users\JonEJet\Desktop\gmer - Shortcut.lnk
2012-05-30 17:00 - 2012-05-30 17:00 - 0302592 ____A C:\Users\JonEJet\Desktop\311zqyeh.exe
2012-05-30 11:22 - 2012-05-30 11:22 - 0001788 ____A C:\Users\JonEJet\Desktop\aswMBR.txt
2012-05-30 11:22 - 2012-05-30 11:22 - 0000512 ____A C:\Users\JonEJet\Desktop\MBR.dat
2012-05-30 11:14 - 2012-05-30 11:14 - 0138472 ____A C:\Windows\Minidump\Mini053012-02.dmp
2012-05-30 11:09 - 2012-05-30 11:09 - 0138472 ____A C:\Windows\Minidump\Mini053012-01.dmp
2012-05-30 11:04 - 2012-05-30 11:05 - 4731392 ____A (AVAST Software) C:\Users\JonEJet\Desktop\aswMBR.exe
2012-05-30 10:20 - 2012-05-30 10:20 - 0000000 ____D C:\Users\JonEJet\AppData\Roaming\FixZeroAccess
2012-05-30 09:45 - 2012-05-30 09:46 - 1805736 ____A (Symantec Corporation) C:\Users\JonEJet\Desktop\FixZeroAccess.exe
2012-05-29 12:27 - 2012-05-29 12:27 - 0047616 ____A C:\Users\JonEJet\Downloads\Win32kDiag.exe
2012-05-29 11:34 - 2012-05-29 11:34 - 0302592 ____A C:\Users\JonEJet\Downloads\uyougp9z.exe
2012-05-29 11:23 - 2012-05-29 11:27 - 0000000 ____D C:\Program Files\Free Download Manager
2012-05-29 11:22 - 2012-05-29 11:22 - 0000000 ____D C:\Users\JonEJet\AppData\Roaming\Babylon
2012-05-29 11:19 - 2012-05-29 11:19 - 0809328 ____A (AirInstaller Inc.) C:\Users\JonEJet\Downloads\setup.exe
2012-05-29 11:02 - 2012-05-29 11:02 - 0000268 ____A C:\Users\JonEJet\Documents\CFScript.txt
2012-05-29 10:55 - 2012-05-29 10:55 - 0000314 ____A C:\Users\JonEJet\Documents\Note pad.txt
2012-05-29 10:52 - 2012-05-29 10:52 - 0595968 ____A (OldTimer Tools) C:\Users\JonEJet\Downloads\OTL.com
2012-05-29 10:46 - 2012-05-29 10:46 - 0080384 ____A C:\Users\JonEJet\Downloads\MBRCheck.exe
2012-05-29 10:33 - 2012-05-29 10:33 - 0000000 ____A C:\Windows\System32\shoD4F8.tmp
2012-05-28 16:49 - 2012-05-28 16:49 - 0002042 ____A C:\Users\JonEJet\Desktop\Sophos Virus Removal Tool.lnk
2012-05-28 16:49 - 2012-05-28 16:49 - 0000000 ____D C:\Program Files\Sophos
2012-05-28 16:45 - 2012-05-28 16:46 - 82493320 ____A (Sophos Limited) C:\Users\JonEJet\Downloads\Sophos Virus Removal Tool.exe
2012-05-28 15:46 - 2012-05-28 15:46 - 2127448 ____A (Kaspersky Lab ZAO) C:\Users\JonEJet\Downloads\tdsskiller(1).exe
2012-05-28 15:04 - 2012-05-28 15:46 - 0000000 ____D C:\Users\JonEJet\AppData\Local\blekkotb_031
2012-05-28 15:04 - 2012-05-28 15:04 - 0000000 ____D C:\avast! sandbox

============ 3 Months Modified Files and Folders ===============

2012-06-04 12:56 - 2012-06-04 12:53 - 0000000 ____D C:\FRST
2012-06-04 12:54 - 2008-03-31 15:54 - 0000000 ____D C:\users\JonEJet
2012-06-04 12:54 - 2006-11-02 07:18 - 0000000 ___RD C:\users\Public
2012-06-04 11:34 - 2012-06-04 11:32 - 0000821 ____A C:\Users\JonEJet\Documents\directionsIII.txt
2012-06-04 11:34 - 2007-12-11 17:06 - 1897908 ____A C:\Windows\WindowsUpdate.log
2012-06-04 11:30 - 2012-06-04 11:30 - 0868860 ____A C:\Users\JonEJet\Downloads\FSRT.exe
2012-06-04 11:28 - 2006-11-02 08:47 - 0003568 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-04 11:28 - 2006-11-02 08:47 - 0003568 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-04 00:55 - 2010-02-01 23:10 - 0000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-03 20:31 - 2006-11-02 06:33 - 0704254 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-03 16:19 - 2012-06-02 23:46 - 2137415680 __ASH C:\hiberfil.sys
2012-06-03 16:19 - 2006-11-02 09:01 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-03 15:15 - 2006-11-02 09:01 - 0032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-03 12:29 - 2011-01-28 15:33 - 0000000 ____D C:\7d1574fde4d4f62857c0d08caf69
2012-06-03 12:29 - 2007-11-11 11:18 - 0000000 ____D C:\DOCS
2012-06-03 12:24 - 2012-06-03 12:24 - 0001528 ____A C:\Users\JonEJet\Documents\directionsII.txt
2012-06-03 12:16 - 2012-06-03 12:16 - 0040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-06-03 07:30 - 2012-06-03 07:30 - 0000771 ____A C:\Users\JonEJet\Documents\directions.txt
2012-06-03 07:28 - 2012-06-03 07:27 - 0000771 ____A C:\Users\JonEJet\Desktop\directions.txt
2012-06-02 23:51 - 2011-04-05 21:05 - 0000000 ____D C:\Windows\ERDNT
2012-06-02 23:46 - 2007-11-06 19:27 - 0507752 ____A C:\Windows\PFRO.log
2012-06-02 23:44 - 2011-12-18 20:31 - 2675270 ____A C:\Windows\ntbtlog.txt
2012-06-02 23:39 - 2012-06-02 23:39 - 0432370 ____A C:\Users\JonEJet\Desktop\SystemLook.txt
2012-06-02 21:11 - 2012-06-02 20:39 - 0432368 ____A C:\Users\JonEJet\Downloads\SystemLook.txt
2012-06-02 14:55 - 2012-06-02 14:55 - 98077435 ____A (Igor Pavlov) C:\Users\JonEJet\Desktop\OTLPEStd.exe
2012-06-02 11:34 - 2011-05-18 16:44 - 0001356 ____A C:\Users\JonEJet\AppData\Local\d3d9caps.dat
2012-06-02 11:10 - 2006-11-02 08:52 - 0024781 ____A C:\Windows\setupact.log
2012-06-02 11:05 - 2007-11-06 18:28 - 0000000 ____D C:\Windows\System32\RTCOM
2012-06-01 12:59 - 2012-06-01 12:59 - 0000000 ____D C:\Users\JonEJet\AppData\Local\Seven Zip
2012-06-01 12:27 - 2012-06-01 12:24 - 0000857 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-01 12:27 - 2012-05-31 10:01 - 0000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-06-01 12:27 - 2009-07-24 21:11 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-06-01 12:26 - 2012-06-01 12:26 - 16339280 ____A (Mozilla) C:\Users\JonEJet\Desktop\Firefox Setup 12.0.exe
2012-06-01 11:45 - 2012-05-31 21:00 - 0000000 ____D C:\Program Files\Amazon Browser Bar
2012-06-01 11:35 - 2011-01-28 17:33 - 0000000 ____D C:\Users\JonEJet\AppData\Roaming\SoftGrid Client
2012-06-01 10:16 - 2012-06-03 12:29 - 0595968 ____A (OldTimer Tools) C:\Users\JonEJet\Documents\OTL.exe
2012-06-01 10:16 - 2012-06-01 10:16 - 0595968 ____A (OldTimer Tools) C:\Users\JonEJet\Desktop\OTL.exe
2012-06-01 10:03 - 2012-06-01 10:02 - 0139264 ____A C:\Users\JonEJet\Downloads\SystemLook.exe
2012-05-31 21:23 - 2012-05-31 21:23 - 0000000 ____A C:\temp.txt
2012-05-31 21:01 - 2012-05-31 21:01 - 0000000 ____D C:\Program Files\Amazon
2012-05-31 21:00 - 2012-05-31 21:00 - 0090624 ____A C:\Users\Public\AlexaNSISPlugin.5340.dll
2012-05-31 13:41 - 2008-03-31 15:57 - 0089424 ____A C:\Users\JonEJet\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-31 11:31 - 2012-05-31 11:30 - 0116094 ____A C:\TDSSKiller.2.7.38.0_31.05.2012_11.30.13_log.txt
2012-05-31 10:23 - 2012-05-31 10:23 - 0000000 ____D C:\Users\JonEJet\Documents\OneNote Notebooks
2012-05-31 09:41 - 2012-05-31 09:41 - 0607260 ____R (Swearware) C:\Users\JonEJet\Desktop\dds.scr
2012-05-31 09:34 - 2012-05-31 09:34 - 0302592 ____A C:\Users\JonEJet\Desktop\gmer.exe
2012-05-31 09:27 - 2012-05-31 09:27 - 0201728 ____A (OldTimer Tools) C:\Users\JonEJet\Desktop\OTC.exe
2012-05-31 09:19 - 2006-11-02 08:47 - 0349920 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-31 09:18 - 2012-05-31 09:18 - 0000000 ____A C:\Windows\System32\sho5BF7.tmp
2012-05-30 17:53 - 2012-05-30 17:53 - 0138120 ____A (ESET) C:\Users\JonEJet\Desktop\ESETSirefefRemover.exe
2012-05-30 17:52 - 2012-05-30 17:52 - 0154916 ____A C:\Users\JonEJet\gmer.txt
2012-05-30 17:52 - 2012-05-30 17:52 - 0000495 ____A C:\Users\JonEJet\Desktop\gmer - Shortcut.lnk
2012-05-30 17:00 - 2012-05-30 17:00 - 0302592 ____A C:\Users\JonEJet\Desktop\311zqyeh.exe
2012-05-30 11:22 - 2012-05-30 11:22 - 0001788 ____A C:\Users\JonEJet\Desktop\aswMBR.txt
2012-05-30 11:22 - 2012-05-30 11:22 - 0000512 ____A C:\Users\JonEJet\Desktop\MBR.dat
2012-05-30 11:14 - 2012-05-30 11:14 - 0138472 ____A C:\Windows\Minidump\Mini053012-02.dmp
2012-05-30 11:14 - 2011-12-24 16:50 - 194156225 ____A C:\Windows\MEMORY.DMP
2012-05-30 11:14 - 2011-12-24 16:50 - 0000000 ____D C:\Windows\Minidump
2012-05-30 11:09 - 2012-05-30 11:09 - 0138472 ____A C:\Windows\Minidump\Mini053012-01.dmp
2012-05-30 11:05 - 2012-05-30 11:04 - 4731392 ____A (AVAST Software) C:\Users\JonEJet\Desktop\aswMBR.exe
2012-05-30 10:20 - 2012-05-30 10:20 - 0000000 ____D C:\Users\JonEJet\AppData\Roaming\FixZeroAccess
2012-05-30 09:46 - 2012-05-30 09:45 - 1805736 ____A (Symantec Corporation) C:\Users\JonEJet\Desktop\FixZeroAccess.exe
2012-05-29 21:41 - 2011-04-08 13:49 - 0000000 ____D C:\Users\JonEJet\Desktop\Scapes New
2012-05-29 12:27 - 2012-05-29 12:27 - 0047616 ____A C:\Users\JonEJet\Downloads\Win32kDiag.exe
2012-05-29 11:34 - 2012-05-29 11:34 - 0302592 ____A C:\Users\JonEJet\Downloads\uyougp9z.exe
2012-05-29 11:28 - 2008-03-31 15:56 - 0000000 ____D C:\Users\JonEJet\AppData\LocalLow
2012-05-29 11:27 - 2012-05-29 11:23 - 0000000 ____D C:\Program Files\Free Download Manager
2012-05-29 11:22 - 2012-05-29 11:22 - 0000000 ____D C:\Users\JonEJet\AppData\Roaming\Babylon
2012-05-29 11:19 - 2012-05-29 11:19 - 0809328 ____A (AirInstaller Inc.) C:\Users\JonEJet\Downloads\setup.exe
2012-05-29 11:02 - 2012-05-29 11:02 - 0000268 ____A C:\Users\JonEJet\Documents\CFScript.txt
2012-05-29 10:55 - 2012-05-29 10:55 - 0000314 ____A C:\Users\JonEJet\Documents\Note pad.txt
2012-05-29 10:52 - 2012-05-29 10:52 - 0595968 ____A (OldTimer Tools) C:\Users\JonEJet\Downloads\OTL.com
2012-05-29 10:46 - 2012-05-29 10:46 - 0080384 ____A C:\Users\JonEJet\Downloads\MBRCheck.exe
2012-05-29 10:33 - 2012-05-29 10:33 - 0000000 ____A C:\Windows\System32\shoD4F8.tmp
2012-05-28 16:49 - 2012-05-28 16:49 - 0002042 ____A C:\Users\JonEJet\Desktop\Sophos Virus Removal Tool.lnk
2012-05-28 16:49 - 2012-05-28 16:49 - 0000000 ____D C:\Program Files\Sophos
2012-05-28 16:46 - 2012-05-28 16:45 - 82493320 ____A (Sophos Limited) C:\Users\JonEJet\Downloads\Sophos Virus Removal Tool.exe
2012-05-28 15:46 - 2012-05-28 15:46 - 2127448 ____A (Kaspersky Lab ZAO) C:\Users\JonEJet\Downloads\tdsskiller(1).exe
2012-05-28 15:46 - 2012-05-28 15:04 - 0000000 ____D C:\Users\JonEJet\AppData\Local\blekkotb_031
2012-05-28 15:11 - 2006-11-02 07:18 - 0000000 _SHDC C:\Windows\$NtUninstallKB46020$
2012-05-28 15:04 - 2012-05-28 15:04 - 0000000 ____D C:\avast! sandbox
2012-05-28 12:15 - 2009-07-26 00:35 - 0005120 ____A C:\Users\JonEJet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-27 10:19 - 2006-11-02 07:18 - 0000000 ____D C:\Windows\SchCache
2012-05-27 10:01 - 2012-01-01 16:22 - 0000917 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-27 10:01 - 2010-12-07 06:54 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-23 21:04 - 2010-02-01 23:00 - 0001982 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-05-15 12:02 - 2011-01-28 18:43 - 0000000 ____D C:\Users\JonEJet\Desktop\Scapes Old
2012-05-14 16:22 - 2011-01-28 15:06 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-10 03:09 - 2006-11-02 06:24 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-05-07 13:16 - 2006-11-02 06:23 - 0002577 ____A C:\Windows\System32\config.nt
2012-04-04 15:56 - 2010-12-07 06:54 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-26 08:56 - 2012-03-26 08:56 - 0000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd0b4fdb4952f0.job
2012-03-12 20:07 - 2008-05-03 23:31 - 0000000 ____D C:\Users\JonEJet\AppData\Roaming\Adobe
2012-03-11 16:52 - 2012-03-11 16:52 - 0037623 ____A C:\Users\JonEJet\Downloads\van-halen-tour-dates-2012.jpg
2012-03-08 23:29 - 2006-11-02 07:18 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-03-08 22:57 - 2012-03-08 22:57 - 0000000 ____D C:\Users\JonEJet\Downloads\New Folder


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2009-02-21 16:56] - [2008-10-29 02:29] - 2927104 ____A (Microsoft Corporation) 4F554999D7D5F05DAAEBBA7B5BA1089D

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll
[2011-01-28 15:41] - [2008-01-19 00:36] - 0627200 ____A (Microsoft Corporation) B974D9F06DC7D1908E825DC201681269

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys
[2011-01-28 15:40] - [2008-01-19 00:42] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================


========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 2038.33 MB
Available physical RAM: 1664.66 MB
Total Pagefile: 1869.04 MB
Available Pagefile: 1793.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.39 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: (SQ004585V03) (Fixed) (Total:110.32 GB) (Free:69.94 GB) NTFS
3 Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Unknown 1500 MB 1024 KB
Partition 2 Primary 110 GB 1501 MB
======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 TOSHIBA SYS NTFS Partition 1500 MB Healthy
======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C SQ004585V03 NTFS Partition 110 GB Healthy
======================================================================================================

==========================================================

Last Boot:

======================= End Of Log ==========================

Re: Root Kit....Zero Access

Here is systemlook under regular boot

SystemLook 30.07.11 by jpshortstuff
Log created at 13:36 on 04/06/2012 by JonEJet
Administrator - Elevation successful

========== filefind ==========

Searching for "services.exe"
C:\Windows\ERDNT\cache\services.exe --a---- 279040 bytes [03:11 06/04/2011] [04:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [23:52 12/10/2008] [07:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [22:00 29/01/2011] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\System32\services.exe --a---- 279040 bytes [19:43 28/01/2011] [04:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe --a---- 279552 bytes [08:35 02/11/2006] [09:45 02/11/2006] 329CF3C97CE4C19375C8ABCABAE258B0
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [19:43 28/01/2011] [04:33 19/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C

-= EOF =-

Re: Root Kit....Zero Access

Hi Jon

Are you tired yet? Heh. The two scans came up with nothing. However, the good news is that now more than one eye is on this topic and I got some more tips on how to deal with this nasty piece of work.

First, I see that you have Malwarebytes installed. Please open Malwarebytes' Anti-Malware, click the Update tab and click Check for Updates. It is very important that you update to the latest signatures.
Then, click the Scanner tab, select Perform Quick Scan and click Scan. Please post the resulting log in your next reply.

====================

  • Please download HitMan Pro 3.6 by Surfright from here and save it to your desktop.
  • Double click HitmanPro36.exe to run the scanner
  • Click Next
  • Accept the license conditions and click Next
  • Choose to do only a single scan. Do not enter any e-mail address and click Next
  • Hitman Pro will now scan your computer
  • After the scan, choose to ignore all threats - I want to have a look first, before deciding what to do
  • Click Next
  • You will now find an option to export the results of the scan to an XML file (log.xml). Please do so. Close Hitman Pro.
  • Please copy and paste the contents of log.xml into your next reply (You can open XML files with notepad)

Re: Root Kit....Zero Access

I'm not tired, just hope you're not tired of me yet. You have been awesome, so once again I thank you for all your efforts.

Malwarebytes.....I tend to run that frequently, so nothing to report

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.05.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
JonEJet :: JONEJET-PC [administrator]

6/5/2012 9:15:20 AM
mbam-log-2012-06-05 (09-15-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201531
Time elapsed: 16 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: Root Kit....Zero Access

Hitman Pro......ran it, when finished I think it may have repaired system on its own. Nevertheless, here is the log. I think we may have a winner with this Hitman scan. Thank You!

I don't get it, when I copy and paste it, it shows as a preview post. But once I post the scan, it goes away? Am I losing it?

Tried to even upload it, and it won't let me.

I can email it to you? I don't get it.

Saved it to notepad, and when I paste it, it doesn't show up in the post

See below

Last edited by JonEJet on 5th June 2012, 2:24 pm; edited 2 times in total

Re: Root Kit....Zero Access

~[Filtered]~

Last edited by JonEJet on 5th June 2012, 2:28 pm; edited 1 time in total

Re: Root Kit....Zero Access

Two malware files were deleted, besides a bunch of cookies, but I would be highly surprised if these were our (your) main problem.

It reports a suspicious file however, and that might be interesting.

C:\Windows\system32\SearchFilterHost.exe

That is a standard Windows system file and Hitman Pro should not find it suspicious, unless maybe it found that it has been modified.

So, just for fun, try and run combofix. I bet you will enter the same reboot loop. If it does, try and reboot into OTLPE and run systemlook with this script:

:filefind
SearchFilterHost.exe


Post the log back here. That should tell us if this is our bad guy.
glglglglglgl

Last edited by Gabethebabe on 5th June 2012, 2:30 pm; edited 1 time in total

Re: Root Kit....Zero Access

I have seen the hitman pro log. Some bug in the forum software makes a mess of it, but if you quote the post, you will see it correctly.

Re: Root Kit....Zero Access

Gotcha, thanks

Re: Root Kit....Zero Access

Well, no luck with either Combofix, once again the same loop, and SystemLook. Wow, this thing stinks.

SystemLook 30.07.11 by jpshortstuff
Log created at 10:45 on 05/06/2012 by JonEJet
Administrator - Elevation successful

========== filefind ==========

Searching for " SearchFilterHost.exe"
No files found.

-= EOF =-

Re: Root Kit....Zero Access

I think I see a space before " SearchFilterHost.exe"

Can you try again, without the space? Make sure you do it in REATOGO environment, so the malware can not falsify the data.

Making a copy of the file c:\windows\system32\SearchFilterHost.exe in REATOGO environment, rebooting to normal and submitting the copy to virustotal would be a decent idea as well.

Re: Root Kit....Zero Access

Okay, there was a space, and it made a difference

SystemLook 30.07.11 by jpshortstuff
Log created at 12:37 on 05/06/2012 by JonEJet
Administrator - Elevation successful

========== filefind ==========

Searching for "SearchFilterHost.exe"
C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\SearchFilterHost.exe --a---- 76800 bytes [23:50 12/10/2008] [07:33 19/01/2008] A9092E71A164A3AE1ACC517809AFEB27
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_windowssearchengine_31bf3856ad364e35_7.0.6002.18005_none_3d746908b76294a3\SearchFilterHost.exe --a---- 87552 bytes [22:01 29/01/2011] [06:27 11/04/2009] C9EE7FF225EAC1CB9C78C413667CDB80
C:\Windows\System32\SearchFilterHost.exe --a---- 87552 bytes [08:50 30/01/2011] [05:17 27/05/2008] 87889A983C015080FA813D7E32910D1E
C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6000.16386_none_47e1b1bb326f0fb4\SearchFilterHost.exe --a---- 76288 bytes [12:34 02/11/2006] [12:34 02/11/2006] 78B5AE488DCD24556CF976BE0BBA82BE
C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\SearchFilterHost.exe --a---- 76800 bytes [19:44 28/01/2011] [04:33 19/01/2008] A9092E71A164A3AE1ACC517809AFEB27
C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchFilterHost.exe --a---- 87552 bytes [08:50 30/01/2011] [05:17 27/05/2008] 87889A983C015080FA813D7E32910D1E

-= EOF =-
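
Added example (not part of any post in this thread, and not a SystemLook feature): a small Python parser for the filefind output above that flags a search term with stray whitespace, the mistake that produced "No files found", and checks whether the System32 copy has the same size and MD5 as a WinSxS copy listed in the same log. Using a WinSxS match as the comparison baseline is an assumption made for this example, and the function names are hypothetical; the log lines are copied from the posts above.

```python
import re
from collections import defaultdict

# Log lines copied from the SystemLook output posted in this thread.
LOG_WITH_SPACE = r'''Searching for " SearchFilterHost.exe"
No files found.
'''

LOG = r'''Searching for "SearchFilterHost.exe"
C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\SearchFilterHost.exe --a---- 76800 bytes [23:50 12/10/2008] [07:33 19/01/2008] A9092E71A164A3AE1ACC517809AFEB27
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_windowssearchengine_31bf3856ad364e35_7.0.6002.18005_none_3d746908b76294a3\SearchFilterHost.exe --a---- 87552 bytes [22:01 29/01/2011] [06:27 11/04/2009] C9EE7FF225EAC1CB9C78C413667CDB80
C:\Windows\System32\SearchFilterHost.exe --a---- 87552 bytes [08:50 30/01/2011] [05:17 27/05/2008] 87889A983C015080FA813D7E32910D1E
C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6000.16386_none_47e1b1bb326f0fb4\SearchFilterHost.exe --a---- 76288 bytes [12:34 02/11/2006] [12:34 02/11/2006] 78B5AE488DCD24556CF976BE0BBA82BE
C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_6.0.6001.18000_none_4a1873b72f5a2088\SearchFilterHost.exe --a---- 76800 bytes [19:44 28/01/2011] [04:33 19/01/2008] A9092E71A164A3AE1ACC517809AFEB27
C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchFilterHost.exe --a---- 87552 bytes [08:50 30/01/2011] [05:17 27/05/2008] 87889A983C015080FA813D7E32910D1E
'''

# One result line: path, 7-character attribute field, size, two bracketed
# timestamps, then a 32-hex-digit MD5. The path is matched lazily so that
# directory names containing spaces still parse.
ENTRY = re.compile(
    r'^(?P<path>.+?)\s+[-a-z]{7}\s+(?P<size>\d+) bytes '
    r'\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})$')
SEARCH = re.compile(r'^Searching for "(?P<term>.*)"$')


def parse_filefind(log):
    """Return (search_terms, entries) parsed from filefind output."""
    terms, entries = [], []
    for raw in log.splitlines():
        line = raw.strip()
        m = SEARCH.match(line)
        if m:
            terms.append(m.group('term'))  # kept verbatim, spaces included
            continue
        m = ENTRY.match(line)
        if m:
            entries.append({'path': m.group('path'),
                            'size': int(m.group('size')),
                            'md5': m.group('md5').upper()})
    return terms, entries


def padded_terms(terms):
    """Search terms with leading or trailing whitespace inside the quotes."""
    return [t for t in terms if t != t.strip()]


def check_against_winsxs(entries, live_dir=r'C:\Windows\System32'):
    """Map each file directly in live_dir to the WinSxS copies in the same
    log that have an identical size and MD5 (empty list means no match)."""
    store = defaultdict(list)
    for e in entries:
        if '\\winsxs\\' in e['path'].lower():
            store[(e['md5'], e['size'])].append(e['path'])
    result = {}
    for e in entries:
        folder = e['path'].rpartition('\\')[0]
        if folder.lower() == live_dir.lower():
            result[e['path']] = store.get((e['md5'], e['size']), [])
    return result


if __name__ == '__main__':
    for name, log in (('first run', LOG_WITH_SPACE), ('second run', LOG)):
        terms, entries = parse_filefind(log)
        for t in padded_terms(terms):
            print(f'{name}: search term {t!r} contains stray whitespace')
        for path, matches in check_against_winsxs(entries).items():
            verdict = 'matches ' + matches[0] if matches else 'NO WinSxS match'
            print(f'{name}: {path} -> {verdict}')
```

A match only says the live file is identical to a component-store copy on the same disk, so it carries weight only when the log was taken from the offline boot environment, as requested in the thread.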

Re: Root Kit....Zero Access

Virus scan

https://www.virustotal.com/file/7cdb618ab145cb0e2b2ab3c87542e56624c6fb075c7806494936bf52a9467aab/analysis/

Re: Root Kit....Zero Access

OK

Let's continue the fun as this file was not the culprit either.

Boot using the OTLPE CD.
Double click the OTLPE icon to run OTLPE
In the custom scans/fixes field paste this:
:files
C:\Windows\$NtUninstallKB46020$


Click Run fix (not Run Scan)

Reboot normally and try if combofix wants to run now (download a new copy).

If it does not, we try hitman pro again, but this time with an extra step included:

  • Please download HitMan Pro 3.6 by Surfright from here and save it to your desktop.
  • Double click HitmanPro36.exe to run the scanner
  • Click Next
  • Accept the license conditions and click Next
  • Click Settings ==> Advanced and check both checkboxes in the bottom to activate EWS mode.
  • Choose to do only a single scan. Do not enter any e-mail address and click Next
  • Hitman Pro will now scan your computer
  • After the scan, choose to ignore all threats - I want to have a look first, before deciding what to do
  • Click Next
  • You will now find an option to export the results of the scan to an XML file (log.xml). Please do so. Close Hitman Pro.
  • Please copy and paste the contents of log.xml into your next reply (You can open XML files with notepad)


Re: Root Kit....Zero Access

Tried quoting it, and it shows nothing

Here, hope you can read this????? Also, Hitman seems to automatically repair the system, and doesn't give me another option....sorry

Re: Root Kit....Zero Access

I can see the log.

Nothing but cookies.

I am getting some help from an advanced malware forum. Some of the last recommendations came from them.

The OTLPE script did not change anything? We deleted a malware folder. Was it performed successfully? The log of that action should be in C:\_OTL\Moved Files. I assume combofix entered the known loop?

I think we need to try the following: scanning with an AV boot disk. Kaspersky has pretty good products, you can get it here.

After downloading the .ISO file, you must burn it to a blank CD with a program capable of burning disk images, such as ImgBurn.

Note: I have not tried the Kaspersky boot CD. But it is quite important we get to see the log, to see what has been deleted, if anything.

Re: Root Kit....Zero Access
I am downloading Kaspersky now. I looked for the log in C:\_OTL\Moved Files and nothing showed up

Now, I have done everything you have said to do, to the letter. But when I CD boot, it doesn't save files, even though the scan was performed successfully.

Yay...lol

Re: Root Kit....Zero Access
So you already ran the Kaspersky rescue disk scan? Did you see it find anything?

Have you tried running ComboFix in real mode now?

My bag of tricks is getting empty here.

Re: Root Kit....Zero Access
not yet, it takes a while to download....will burn in just a second

Re: Root Kit....Zero Access
Thank You!

Re: Root Kit....Zero Access
GRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR

Now, this thing is getting me angry.

Ran Kaspersky......it found all sorts of bad stuff after taking 2 hours. Quarantined all sorts of malicious stuff.

Rebooted normally. Ran Combofix, got excited because it said a newer version of Combofix was available, did I want to upgrade. Of course I said yes.

Then it wouldn't restart, so I uninstalled and reinstalled the new version.

Same damn loop....&%$#

Re: Root Kit....Zero Access
Gabe,

Read this thread and tell me if you think this would work for me.

Thanks

http://forums.majorgeeks.com/showthread.php?t=257067

Re: Root Kit....Zero Access
I have some interesting news

Someone linked me to this:
http://www.bleepingcomputer.com/forums/topic454607.html/page__st__30

It appears this could be a false positive by combofix
We might have been chasing ghosts the last week

Please download MBRCheck by a_d_13 from either of the following mirrors and save it to your C:\


Reboot with OTLPE
Run mbrcheck to verify your MBR in off-line mode.
Post the report back here.

Re: Root Kit....Zero Access
Do you have any suggestions on how to save reports in OTLPE? Been having difficulty doing that.

Re: Root Kit....Zero Access
mbrcheck saves the report in the same folder where you saved it.
So if you saved mbrcheck to c:\, the report should be there.

btw the majorgeeks case you found is completely different. This user had a lot of infections. I did not find that kind of stuff on your computer.

Re: Root Kit....Zero Access
Hope we found it

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: (build 2600)
Logical Drives Mask: 0x00800006

Kernel Drivers (total 81):
0x80400000 \i386\system32\ntoskrnl.exe
0x80615000 \i386\system32\halaacpi.dll
0xF7987000 \i386\system32\KDCOM.DLL
0xF7897000 \i386\system32\BOOTVID.dll
0xF73EC000 setupdd.sys
0xF7A4F000 \i386\system32\drivers\SPDDLANG.SYS
0xF73DB000 pci.sys
0xF73AD000 acpi.sys
0xF7989000 \i386\system32\drivers\WMILIB.SYS
0xF7487000 isapnp.sys
0xF789B000 acpiec.sys
0xF7A50000 \i386\system32\drivers\OPRGHDLR.SYS
0xF7A51000 pciide.sys
0xF7707000 \i386\system32\drivers\PCIIDEX.SYS
0xF74B7000 mountmgr.sys
0xF7370000 ftdisk.sys
0xF7717000 partmgr.sys
0xF7993000 dmload.sys
0xF734A000 dmio.sys
0xF74E7000 \i386\system32\drivers\CLASSPNP.SYS
0xF7727000 usbehci.sys
0xF72F0000 \i386\system32\drivers\USBPORT.SYS
0xF7737000 usbuhci.sys
0xF7507000 usbhub.sys
0xF7997000 \i386\system32\drivers\USBD.SYS
0xF773F000 usbccgp.sys
0xF789F000 hidusb.sys
0xF7747000 \i386\system32\drivers\HIDPARSE.SYS
0xF7517000 \i386\system32\drivers\HIDCLASS.SYS
0xF7537000 i8042prt.sys
0xF78A7000 kbdhid.sys
0xF7757000 kbdclass.sys
0xF775F000 mouclass.sys
0xF78AB000 mouhid.sys
0xF72D8000 SCSIPORT.SYS
0xF72C0000 atapi.sys
0xF78C7000 VMSCSI.SY_
0xF77BF000 VIAPDSK.SY_
0xF7193000 viamraid.SY_
0xF712C000 SISRAID4.SY_
0xF77C7000 SISRAID2.SY_
0xF6B3C000 iastor78.SY_
0xF614C000 dmboot.sys
0xF720B000 cdrom.sys
0xF71FB000 disk.sys
0xF6135000 ksecdd.sys
0xF6112000 fastfat.sys
0xF6085000 ntfs.sys
0xF71EB000 cdfs.sys
0xF6058000 ndis.sys
0xF603D000 mup.sys
0xF7AD4000 \SystemRoot\System32\drivers\audstub.sys
0xF79A1000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF783F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF79A5000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF5EB9000 \SystemRoot\System32\DRIVERS\ks.sys
0xF5FFD000 \SystemRoot\system32\drivers\ramdriv.sys
0xF77CF000 \SystemRoot\System32\drivers\vga.sys
0xBAFEC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xBAFBB000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF5FE0000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF7AE6000 \SystemRoot\System32\Drivers\Null.SYS
0xF776F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF777F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBAFA8000 \SystemRoot\System32\drivers\ipsec.sys
0xF79A9000 \SystemRoot\System32\Drivers\Beep.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF77AF000 \SystemRoot\System32\watchdog.sys
0xF5FA4000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF9C1000 \SystemRoot\System32\drivers\dxg.sys
0xF7B2A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xF721B000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF684B000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBAAB4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBAA45000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA9ED000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA9CB000 \SystemRoot\system32\drivers\afd.sys
0xBA9A3000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF77F7000 \??\B:\mbr.sys
0x7C900000 \I386\SYSTEM32\NTDLL.DLL

Processes (total 15):
0 System Idle Process
4 System
244 X:\I386\SYSTEM32\CSRSS.EXE
304 X:\I386\SYSTEM32\SERVICES.EXE
316 X:\I386\SYSTEM32\LSASS.EXE
436 X:\I386\SYSTEM32\SVCHOST.EXE
444 X:\I386\SYSTEM32\REATOGOLOGON.EXE
520 X:\I386\SYSTEM32\SVCHOST.EXE
1532 X:\I386\SYSTEM32\SVCHOST.EXE
1704 X:\I386\SYSTEM32\SVCHOST.EXE
1836 X:\PROGRAMS\wbload\wbload.exe
1964 X:\I386\SYSTEM32\SVCHOST.EXE
2020 X:\I386\EXPLORER.EXE
648 X:\I386\EXPLORER.EXE
1436 C:\Users\JonEJet\Downloads\MBRCheck.exe

\\.\B: --> error 1
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1246GSX, Rev: LB213M

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61

Re: Root Kit....Zero Access
MBR is clean.

Next set of instructions, kindly provided by a helpful member of another forum.

After booting normal go to start menu ==> Run and type CMD and hit Enter
You are now in the command prompt. Enter the following command:
fsutil reparsepoint delete C:\Windows\$NtUninstallKB46020$


After that open OTL (you still have it available? Otherwise download it here).
In the custom scans/fixes field type the following:
rd /s/q C:\Windows\$NtUninstallKB46020$ /c


And click Run Fix. Please post the result back here.

====================

Another tool that was recommended by him was this tool by Panda.

If all this still does not make the Combofix alert go away, I seriously doubt your computer is infected and I think we are dealing with a false positive from Combofix.

No ZAccess variant should be able to survive the armageddon of tools we have thrown at your computer.

Re: Root Kit....Zero Access
Error: Unable to interpret in the current context!

OTL by OldTimer - Version 3.2.45.0 log created on 06072012_232428

Not sure that went well

As far as the false positive, I still can't run combofix, and I still get redirected most times I do any type of search

Also, under the CMD prompt, I got the following message

The FSUTIL utility requires you have administration privileges

Re: Root Kit....Zero Access
oops I am dumb

The OTL script must be this:

:files
rd /s/q C:\Windows\$NtUninstallKB46020$ /c


But only do this if the fsutil command has been executed correctly.
Do you have a CMD/Command Prompt Icon that you can rightclick and run as administrator?

Re: Root Kit....Zero Access
Does not give me the option to run as administrator....but I can change that on my computer, can't I?

Okay, figured out the cmd as administrator thing.

After I run the command under the prompt, it gives me "ERROR: The file or directory is not a reparse point"
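
The fsutil step failed twice in this exchange: first because the prompt was not elevated, then with "not a reparse point". As an added example (not posted by anyone in the thread), the PowerShell script below checks both conditions without changing anything on disk; it assumes Windows PowerShell 3.0 or later, and the function names Test-Elevated and Get-ReparseState are hypothetical.

```powershell
# Added example: read-only pre-flight checks before "fsutil reparsepoint delete".
# Path as quoted in the thread; single quotes keep the "$" characters literal.
$Target = 'C:\Windows\$NtUninstallKB46020$'

# Hypothetical helper: is this console running with an elevated administrator token?
function Test-Elevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Hypothetical helper: report whether the path exists and carries the ReparsePoint attribute.
function Get-ReparseState {
    param([Parameter(Mandatory = $true)][string]$Path)

    $state = [pscustomobject]@{
        Path           = $Path
        Exists         = $false
        IsReparsePoint = $false
        Attributes     = $null
        Error          = $null
    }
    try {
        # GetAttributes returns the attributes of the link itself, not of its target.
        $attrs = [System.IO.File]::GetAttributes($Path)
        $state.Exists         = $true
        $state.Attributes     = $attrs
        $state.IsReparsePoint = [bool]($attrs -band [System.IO.FileAttributes]::ReparsePoint)
    }
    catch [System.IO.FileNotFoundException], [System.IO.DirectoryNotFoundException] {
        # Path is absent: leave Exists = $false.
    }
    catch {
        # Typically access denied; keep the message so it is not mistaken for "absent".
        $state.Error = $_.Exception.Message
    }
    $state
}

$state = Get-ReparseState -Path $Target

if (-not (Test-Elevated)) {
    Write-Warning 'Console is not elevated: fsutil will refuse to run. Use "Run as administrator".'
}
elseif ($state.Error) {
    Write-Warning "Could not read attributes of $Target : $($state.Error)"
}
elseif (-not $state.Exists) {
    Write-Output "$Target does not exist; there is no reparse point to remove."
}
elseif ($state.IsReparsePoint) {
    Write-Output "$Target is a reparse point. Current reparse data:"
    & fsutil reparsepoint query $Target
}
else {
    Write-Output "$Target has no reparse point ($($state.Attributes)); 'fsutil reparsepoint delete' will answer 'not a reparse point'."
}
```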

Re: Root Kit....Zero Access
ran OTL

========== FILES ==========
< rd /s/q C:\Windows\$NtUninstallKB46020$ /c >
C:\Users\JonEJet\Desktop\cmd.bat deleted successfully.
C:\Users\JonEJet\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.45.0 log created on 06082012_003533

Re: Root Kit....Zero Access
From yorkyt

2012-06-07 23:31:24: ****************************************************
2012-06-07 23:31:24: Starting UP ... v 0.0.0.220
2012-06-07 23:31:24: ****************************************************
2012-06-07 23:31:25: Stop TPSRV returns: 2
2012-06-07 23:31:40: Listing processes...
2012-06-07 23:31:40: :[System Process]:0
2012-06-07 23:31:40: :System:4
2012-06-07 23:31:40: :smss.exe:540
2012-06-07 23:31:40: :csrss.exe:612
2012-06-07 23:31:40: :wininit.exe:656
2012-06-07 23:31:40: :csrss.exe:664
2012-06-07 23:31:40: :services.exe:700
2012-06-07 23:31:40: :lsass.exe:712
2012-06-07 23:31:40: :lsm.exe:724
2012-06-07 23:31:40: :winlogon.exe:796
2012-06-07 23:31:40: :svchost.exe:896
2012-06-07 23:31:40: :PresentationFontCache.exe:964
2012-06-07 23:31:40: :svchost.exe:1008
2012-06-07 23:31:40: :svchost.exe:1056
2012-06-07 23:31:40: :svchost.exe:1148
2012-06-07 23:31:40: :svchost.exe:1160
2012-06-07 23:31:40: :audiodg.exe:1272
2012-06-07 23:31:40: :SLsvc.exe:1308
2012-06-07 23:31:40: :svchost.exe:1356
2012-06-07 23:31:40: :svchost.exe:1512
2012-06-07 23:31:40: :AvastSvc.exe:1684
2012-06-07 23:31:40: :dwm.exe:1780
2012-06-07 23:31:40: :explorer.exe:1812
2012-06-07 23:31:40: :spoolsv.exe:1916
2012-06-07 23:31:40: :taskeng.exe:1944
2012-06-07 23:31:40: :taskeng.exe:2028
2012-06-07 23:31:40: :agrsmsvc.exe:1912
2012-06-07 23:31:40: :igfxpers.exe:1712
2012-06-07 23:31:40: :CFSvcs.exe:2084
2012-06-07 23:31:40: :svchost.exe:2136
2012-06-07 23:31:40: :lxducoms.exe:2288
2012-06-07 23:31:40: :pinger.exe:2392
2012-06-07 23:31:40: :SeaPort.EXE:2412
2012-06-07 23:31:40: :RtHDVCpl.exe:2420
2012-06-07 23:31:40: :SynTPStart.exe:2452
2012-06-07 23:31:40: :sftvsa.exe:2672
2012-06-07 23:31:40: :svchost.exe:2732
2012-06-07 23:31:40: :TNaviSrv.exe:2772
2012-06-07 23:31:40: :GoogleDesktop.exe:2860
2012-06-07 23:31:40: :TODDSrv.exe:2880
2012-06-07 23:31:40: :TosCoSrv.exe:2980
2012-06-07 23:31:40: :realsched.exe:2992
2012-06-07 23:31:40: :AvastUI.exe:3080
2012-06-07 23:31:40: :TosBtSrv.exe:3100
2012-06-07 23:31:40: :ULCDRSvr.exe:3196
2012-06-07 23:31:40: :svchost.exe:3212
2012-06-07 23:31:40: :WLIDSVC.EXE:3236
2012-06-07 23:31:40: :SearchIndexer.exe:3292
2012-06-07 23:31:40: :sftlist.exe:3408
2012-06-07 23:31:40: :WLIDSVCM.EXE:3684
2012-06-07 23:31:40: :CVHSVC.EXE:4040
2012-06-07 23:31:40: :SynTPEnh.exe:3416
2012-06-07 23:31:40: :unsecapp.exe:3396
2012-06-07 23:31:40: :WmiPrvSE.exe:2600
2012-06-07 23:31:40: :firefox.exe:3948
2012-06-07 23:31:40: :SynToshiba.exe:1328
2012-06-07 23:31:40: :plugin-container.exe:2612
2012-06-07 23:31:40: :jp2launcher.exe:4160
2012-06-07 23:31:40: :java.exe:4184
2012-06-07 23:31:40: :wuauclt.exe:4852
2012-06-07 23:31:40: :realplay.exe:6072
2012-06-07 23:31:40: :SearchProtocolHost.exe:2692
2012-06-07 23:31:40: :yorkyt.exe:5436
2012-06-07 23:31:40: :WmiPrvSE.exe:5652
2012-06-07 23:31:40: :SearchFilterHost.exe:5660
2012-06-07 23:31:40:
2012-06-07 23:31:40: Setting restore point
2012-06-07 23:32:17: Determining autonomous or dropped mode...
2012-06-07 23:32:17: Autonomus mode
2012-06-07 23:32:18: Installing drivers...
2012-06-07 23:32:20: Checking that it installed...
2012-06-07 23:32:20: Driver is installed...
2012-06-07 23:32:20: cmd.exe /c start "C:\Users\JonEJet\Desktop\yorkyt.exe"
2012-06-07 23:32:28: Restarting...
2012-06-07 23:54:05: ****************************************************
2012-06-07 23:54:05: Starting UP ... v 0.0.0.220
2012-06-07 23:54:05: ****************************************************
2012-06-07 23:54:05: Stop TPSRV returns: 2
2012-06-07 23:54:21: Listing processes...
2012-06-07 23:54:21: :[System Process]:0
2012-06-07 23:54:21: :System:4
2012-06-07 23:54:21: :smss.exe:476
2012-06-07 23:54:21: :csrss.exe:548
2012-06-07 23:54:21: :wininit.exe:592
2012-06-07 23:54:21: :csrss.exe:600
2012-06-07 23:54:21: :services.exe:636
2012-06-07 23:54:21: :winlogon.exe:692
2012-06-07 23:54:21: :lsass.exe:724
2012-06-07 23:54:21: :lsm.exe:732
2012-06-07 23:54:21: :svchost.exe:872
2012-06-07 23:54:21: :PresentationFontCache.exe:936
2012-06-07 23:54:21: :svchost.exe:980
2012-06-07 23:54:21: :svchost.exe:1024
2012-06-07 23:54:21: :svchost.exe:1104
2012-06-07 23:54:21: :svchost.exe:1116
2012-06-07 23:54:21: :audiodg.exe:1220
2012-06-07 23:54:21: :SLsvc.exe:1252
2012-06-07 23:54:21: :svchost.exe:1292
2012-06-07 23:54:21: :svchost.exe:1452
2012-06-07 23:54:21: :AvastSvc.exe:1660
2012-06-07 23:54:21: :dwm.exe:1724
2012-06-07 23:54:21: :explorer.exe:1760
2012-06-07 23:54:21: :spoolsv.exe:1868
2012-06-07 23:54:21: :taskeng.exe:1888
2012-06-07 23:54:21: :taskeng.exe:2008
2012-06-07 23:54:21: :agrsmsvc.exe:268
2012-06-07 23:54:21: :CFSvcs.exe:508
2012-06-07 23:54:21: :svchost.exe:556
2012-06-07 23:54:21: :lxducoms.exe:588
2012-06-07 23:54:21: :pinger.exe:1652
2012-06-07 23:54:21: :SeaPort.EXE:2084
2012-06-07 23:54:21: :sftvsa.exe:2320
2012-06-07 23:54:21: :svchost.exe:2340
2012-06-07 23:54:21: :TNaviSrv.exe:2368
2012-06-07 23:54:21: :TODDSrv.exe:2424
2012-06-07 23:54:21: :TosCoSrv.exe:2444
2012-06-07 23:54:21: :TosBtSrv.exe:2500
2012-06-07 23:54:21: :ULCDRSvr.exe:2516
2012-06-07 23:54:21: :svchost.exe:2548
2012-06-07 23:54:21: :WLIDSVC.EXE:2584
2012-06-07 23:54:21: :SearchIndexer.exe:2616
2012-06-07 23:54:21: :WLIDSVCM.EXE:2920
2012-06-07 23:54:21: :igfxpers.exe:3704
2012-06-07 23:54:21: :RtHDVCpl.exe:3852
2012-06-07 23:54:21: :SynTPStart.exe:3988
2012-06-07 23:54:21: :unsecapp.exe:4044
2012-06-07 23:54:21: :GoogleDesktop.exe:4068
2012-06-07 23:54:21: :realsched.exe:844
2012-06-07 23:54:21: :WmiPrvSE.exe:1776
2012-06-07 23:54:21: :reader_sl.exe:1428
2012-06-07 23:54:21: :AvastUI.exe:2556
2012-06-07 23:54:21: :ONENOTEM.EXE:308
2012-06-07 23:54:21: :SearchProtocolHost.exe:2972
2012-06-07 23:54:21: :firefox.exe:200
2012-06-07 23:54:21: :SynTPEnh.exe:3184
2012-06-07 23:54:21: :SynToshiba.exe:3676
2012-06-07 23:54:21: :realplay.exe:4000
2012-06-07 23:54:21: :jp2launcher.exe:3312
2012-06-07 23:54:21: :java.exe:3584
2012-06-07 23:54:21: :plugin-container.exe:3672
2012-06-07 23:54:21: :SearchFilterHost.exe:840
2012-06-07 23:54:21: :WmiPrvSE.exe:3976
2012-06-07 23:54:21: :wuauclt.exe:2292
2012-06-07 23:54:21: :yorkyt.exe:3684
2012-06-07 23:54:21:
2012-06-07 23:54:21: Setting restore point
2012-06-07 23:55:00: Determining autonomous or dropped mode...
2012-06-07 23:55:00: Autonomus mode
2012-06-07 23:55:00: Installing drivers...
2012-06-07 23:55:09: Checking that it installed...
2012-06-07 23:55:09: Driver is installed...
2012-06-07 23:55:09: cmd.exe /c start "C:\Users\JonEJet\Desktop\yorkyt.exe"
2012-06-07 23:55:59: Please restart manually

Re: Root Kit....Zero Access


Holy cow, IT WORKED!!!!! I am so happy right now. Ran Combofix, WoooooooooooooooHooooooooooooooo

ComboFix 12-06-06.02 - JonEJet 06/08/2012 0:59.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1074 [GMT -4:00]
Running from: c:\users\JonEJet\Desktop\SeviceFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\AlexaNSISPlugin.5340.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-08 05:14 . 2012-06-08 05:18 -------- d-----w- c:\users\JonEJet\AppData\Local\temp
2012-06-08 05:14 . 2012-06-08 05:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-08 05:14 . 2012-06-08 05:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-08 03:23 . 2012-06-08 03:23 -------- d-----w- C:\_OTL
2012-06-07 11:41 . 2012-06-07 11:44 -------- d-----w- C:\SeviceFix
2012-06-07 11:29 . 2012-06-08 04:56 -------- d-----w- C:\ComboFix
2012-06-06 16:14 . 2012-06-06 16:14 -------- d-----w- c:\program files\HitmanPro
2012-06-01 16:24 . 2012-04-21 01:18 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-06-01 16:24 . 2012-04-21 01:18 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-06-01 01:01 . 2012-06-01 01:01 -------- d-----w- c:\program files\Amazon
2012-06-01 01:00 . 2012-06-01 15:45 -------- d-----w- c:\program files\Amazon Browser Bar
2012-05-31 14:01 . 2012-06-06 16:05 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-31 13:59 . 2012-06-06 15:50 624608 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-05-31 13:59 . 2012-06-06 15:50 43488 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-05-31 13:59 . 2012-06-06 15:50 157600 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-31 13:59 . 2012-06-06 15:50 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-31 13:18 . 2012-05-31 13:18 0 ----a-w- c:\windows\system32\sho5BF7.tmp
2012-05-30 14:20 . 2012-05-30 14:20 -------- d-----w- c:\users\JonEJet\AppData\Roaming\FixZeroAccess
2012-05-29 15:23 . 2012-05-29 15:27 -------- d-----w- c:\program files\Free Download Manager
2012-05-29 15:22 . 2012-05-29 15:22 -------- d-----w- c:\programdata\Babylon
2012-05-29 15:22 . 2012-05-29 15:22 -------- d-----w- c:\users\JonEJet\AppData\Roaming\Babylon
2012-05-29 14:33 . 2012-05-29 14:33 0 ----a-w- c:\windows\system32\shoD4F8.tmp
2012-05-28 20:49 . 2012-05-28 20:49 -------- d-----w- c:\programdata\Sophos
2012-05-28 19:04 . 2012-05-29 15:28 -------- d-----w- c:\programdata\blekko toolbars
2012-05-28 19:04 . 2012-05-28 19:46 -------- d-----w- c:\users\JonEJet\AppData\Local\blekkotb_031
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 19:50 . 2011-04-02 16:25 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2010-12-07 10:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-06 15:50 . 2012-06-01 16:24 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-06 1862144]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-02 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.3.lnk - c:\users\JonEJet\AppData\Local\temp\quickstart.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0b4fdb4952f0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:58]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 02:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ie_sp_
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
FF - ProfilePath - c:\users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\okcrvxtn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_sp_
FF - prefs.js: keyword.URL - hxxp://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ff_us_display?ie=UTF8&tag=bds-amzn-serp-us-ff-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_ab_&query=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54828
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\lxducoms.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Microsoft Application Virtualization Client\sftlist.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\windows\system32\ssBranded.scr
.
**************************************************************************
.
Completion time: 2012-06-08 01:49:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-08 05:49
.
Pre-Run: 66,296,856,576 bytes free
Post-Run: 66,943,954,944 bytes free
.
- - End Of File - - F14C638D9AE6FF20316F056A7883F9AD

Re: Root Kit....Zero Access
The virus must still be infecting my computer, because I'm still being redirected during my searches

Ugh...

Re: Root Kit....Zero Access
Well that is certainly good news...

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:

:files
c:\windows\system32\shoD4F8.tmp
c:\windows\system32\sho5BF7.tmp
:commands
[reboot]

  • CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
  • If it asks to reboot the computer, please allow that.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)


====================

Analysis of a suspicious file.
  • Please go to the Virustotal website by clicking here
  • Click the Browse button and in the Name field paste:
    c:\users\JonEJet\AppData\Local\temp\quickstart.exe

  • Click Open and click Send File
  • If Virustotal informs you that "File has already been analysed", click Reanalyse file now
  • An analysis report will appear. Copy and paste the url (something like http://www.virustotal.com/analisis/blabla) into your next reply.


====================

Please download OTL by OldTimer from here and save it to your desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:

%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
netlogon.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
disk.sys
explorer.exe
userinit.exe
winlogon.exe
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.


Re: Root Kit....Zero Access
========== FILES ==========
c:\windows\system32\shoD4F8.tmp moved successfully.
c:\windows\system32\sho5BF7.tmp moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.45.0 log created on 06092012_091931


2. When I searched my computer for quickstart.exe it said file not found, so I could not analyze

Well, I looked around, and it brought me this....basically scanned the Combofix.txt

https://www.virustotal.com/file/8f964ba53603f1276199d5f117af38fff88ae4c5b91d4f2afeceaaa4a97ac602/analysis/1339162478/




Last edited by JonEJet on 8th June 2012, 2:11 pm; edited 1 time in total

Re: Root Kit....Zero Access
OTL logfile created on: 6/9/2012 9:38:10 AM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\JonEJet\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.90% Memory free
4.21 Gb Paging File | 3.23 Gb Available in Paging File | 76.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 61.66 Gb Free Space | 55.89% Space Free | Partition Type: NTFS

Computer Name: JONEJET-PC | User Name: JonEJet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/10/14 18:45:05 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe
PRC - [2010/02/01 23:02:21 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/08/15 19:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/15 18:58:02 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/04/25 15:14:16 | 004,444,160 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/06 11:50:56 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/28 10:57:23 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009/05/06 09:04:36 | 000,466,944 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\resource.dll
MOD - [2009/05/06 09:03:44 | 000,372,736 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\toolband.dll
MOD - [2007/09/13 19:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MpsSvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice_tmp.exe -- (MozillaMaintenance)
SRV - File not found [On_Demand | Stopped] -- -- (BFE)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/14 18:45:05 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008/07/27 14:00:25 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/19 21:17:50 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/19 00:34:54 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008/01/19 00:34:46 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2007/09/24 21:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/19 15:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 14:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/26 01:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/15 00:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 22:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\UP_date\PEDrv.sys -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.5\CO_Mon.sys -- (CWMonitor)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SeviceFix13496S\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/06/08 14:15:56 | 000,027,424 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/06/30 13:20:45 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/30 13:20:45 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/01/18 22:49:18 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/18 22:28:10 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2007/09/19 14:59:12 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007/06/01 17:07:48 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 02:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006/11/02 05:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 05:49:20 | 000,013,416 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2006/11/02 05:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 04:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2006/11/02 04:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 04:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006/11/02 04:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006/11/02 04:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006/11/02 04:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006/11/02 04:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006/11/02 04:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2006/11/02 04:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006/11/02 04:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006/11/02 04:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006/11/02 04:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006/11/02 04:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 02:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/09/27 08:06:00 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kr3npxp.sys -- (KR3NPXP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ie_sp_
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {21475A23-BD73-3152-6CAC-741072CD9B98}
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{21475A23-BD73-3152-6CAC-741072CD9B98}: "URL" = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ie_us_display?ie=UTF8&tag=bds-amzn-serp-us-ie-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ie_ds_&query={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=078E4B36CE8D139AA3721C4FC3CC31B5&q={searchTerms}
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKCU\..\SearchScopes\{BC37B0C6-1699-454D-815B-74DB6873EE31}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7TSHB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_sp_"
FF - prefs.js..keyword.URL: "http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ff_us_display?ie=UTF8&tag=bds-amzn-serp-us-ff-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_ff_ab_&query="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54828
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/05/07 13:16:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 11:51:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/04 19:44:19 | 000,000,000 | ---D | M]

[2012/01/16 23:58:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JonEJet\AppData\Roaming\Mozilla\Extensions
[2012/03/12 20:07:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\6llx2x2q.default\extensions
[2012/06/01 10:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JonEJet\AppData\Roaming\Mozilla\Firefox\Profiles\okcrvxtn.default\extensions
[2012/06/06 11:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/01 10:11:28 | 000,502,682 | ---- | M] () (No name found) -- C:\USERS\JONEJET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OKCRVXTN.DEFAULT\EXTENSIONS\ABB@AMAZON.COM.XPI
[2012/03/12 20:07:50 | 000,004,728 | ---- | M] () (No name found) -- C:\USERS\JONEJET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OKCRVXTN.DEFAULT\EXTENSIONS\COOIJLURCQ@COOIJLURCQ.ORG.XPI
[2012/06/06 11:50:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/28 15:04:42 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Amazon (Enabled)
CHR - default_search_provider: search_url = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_cr_us_display?ie=UTF8&tag=bds-amzn-serp-us-cr-20&tagbase=bds-amzn&tbrId=v1_abb-channel-17_058b36b5bfba43a19ad94c27393900e6_17_17_20120601_US_cr_ds_&query={searchTerms}
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms}&output=chrome,
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\JonEJet\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Users\JonEJet\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\

O1 HOSTS File: ([2012/06/08 01:18:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BCB3EAE-FB8F-4141-8934-8A0E11E5B570}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBCEC8C8-8DDA-4014-B428-FED0EEFC40F8}: DhcpNameServer = 208.59.247.45 208.59.247.46
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - File not found
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/08 14:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/08 01:49:17 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Local\temp
[2012/06/08 01:18:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/08 01:14:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/07 23:23:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/07 07:41:09 | 000,000,000 | ---D | C] -- C:\SeviceFix
[2012/06/05 09:49:42 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/06/05 09:35:14 | 007,287,176 | ---- | C] (SurfRight B.V.) -- C:\Users\JonEJet\Desktop\HitmanPro36.exe
[2012/06/04 15:51:05 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/06/04 15:51:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/06/04 15:51:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/06/04 15:51:04 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/06/03 12:29:20 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\JonEJet\Documents\OTL.exe
[2012/06/02 14:55:01 | 098,077,435 | ---- | C] (Igor Pavlov) -- C:\Users\JonEJet\Desktop\OTLPEStd.exe
[2012/06/01 12:59:23 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Local\Seven Zip
[2012/06/01 12:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/01 12:26:33 | 016,339,280 | ---- | C] (Mozilla) -- C:\Users\JonEJet\Desktop\Firefox Setup 12.0.exe
[2012/06/01 10:16:29 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
[2012/05/31 21:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012/05/31 21:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon Browser Bar
[2012/05/31 10:23:14 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\Documents\OneNote Notebooks
[2012/05/31 10:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/31 09:41:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\JonEJet\Desktop\dds.scr
[2012/05/31 09:27:33 | 000,201,728 | ---- | C] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTC.exe
[2012/05/30 17:53:26 | 000,138,120 | ---- | C] (ESET) -- C:\Users\JonEJet\Desktop\ESETSirefefRemover.exe
[2012/05/30 11:04:58 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\JonEJet\Desktop\aswMBR.exe
[2012/05/30 10:20:51 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Roaming\FixZeroAccess
[2012/05/30 09:45:58 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Users\JonEJet\Desktop\FixZeroAccess.exe
[2012/05/29 11:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2012/05/29 11:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/05/29 11:22:35 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Roaming\Babylon
[2012/05/28 15:04:14 | 000,000,000 | ---D | C] -- C:\Users\JonEJet\AppData\Local\blekkotb_031
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

Cont'd

========== Files - Modified Within 30 Days ==========

[2012/06/09 09:21:56 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 09:21:56 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 09:21:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/09 09:21:42 | 2135,359,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/08 23:56:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/08 14:15:56 | 000,027,424 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/06/08 14:13:22 | 000,001,356 | ---- | M] () -- C:\Users\JonEJet\AppData\Local\d3d9caps.dat
[2012/06/08 01:18:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/08 00:48:21 | 179,672,641 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/07 23:30:59 | 001,415,784 | ---- | M] () -- C:\Users\JonEJet\Desktop\yorkyt.exe
[2012/06/07 14:14:40 | 000,604,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/07 14:14:40 | 000,104,356 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/07 11:03:06 | 000,080,384 | ---- | M] () -- C:\Users\JonEJet\Documents\MBRCheck.exe
[2012/06/06 23:37:06 | 000,015,494 | ---- | M] () -- C:\Users\JonEJet\log.xml
[2012/06/06 12:26:20 | 007,287,176 | ---- | M] (SurfRight B.V.) -- C:\Users\JonEJet\Desktop\HitmanPro36.exe
[2012/06/05 09:49:42 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/06/04 15:50:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/06/04 15:50:16 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/06/04 15:50:15 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/06/04 15:50:14 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/06/04 15:50:13 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/06/02 14:55:07 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Users\JonEJet\Desktop\OTLPEStd.exe
[2012/06/01 12:27:43 | 000,000,881 | ---- | M] () -- C:\Users\JonEJet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/01 12:27:43 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/01 12:26:37 | 016,339,280 | ---- | M] (Mozilla) -- C:\Users\JonEJet\Desktop\Firefox Setup 12.0.exe
[2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Documents\OTL.exe
[2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
[2012/05/31 10:23:11 | 000,001,122 | ---- | M] () -- C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/05/31 09:41:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\JonEJet\Desktop\dds.scr
[2012/05/31 09:34:44 | 000,302,592 | ---- | M] () -- C:\Users\JonEJet\Desktop\gmer.exe
[2012/05/31 09:27:39 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTC.exe
[2012/05/31 09:19:25 | 000,349,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/30 17:53:29 | 000,138,120 | ---- | M] (ESET) -- C:\Users\JonEJet\Desktop\ESETSirefefRemover.exe
[2012/05/30 17:00:22 | 000,302,592 | ---- | M] () -- C:\Users\JonEJet\Desktop\311zqyeh.exe
[2012/05/30 11:05:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\JonEJet\Desktop\aswMBR.exe
[2012/05/30 09:46:03 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\JonEJet\Desktop\FixZeroAccess.exe
[2012/05/28 12:15:03 | 000,005,120 | ---- | M] () -- C:\Users\JonEJet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/27 10:01:18 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/23 21:04:34 | 000,001,982 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/08 14:17:37 | 2135,359,488 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/08 14:11:59 | 000,027,424 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/06/07 23:30:54 | 001,415,784 | ---- | C] () -- C:\Users\JonEJet\Desktop\yorkyt.exe
[2012/06/07 11:02:55 | 000,080,384 | ---- | C] () -- C:\Users\JonEJet\Documents\MBRCheck.exe
[2012/06/06 23:37:06 | 000,015,494 | ---- | C] () -- C:\Users\JonEJet\log.xml
[2012/06/01 12:24:16 | 000,000,881 | ---- | C] () -- C:\Users\JonEJet\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/01 12:24:16 | 000,000,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/01 12:24:16 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/31 10:23:11 | 000,001,122 | ---- | C] () -- C:\Users\JonEJet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/05/31 09:34:40 | 000,302,592 | ---- | C] () -- C:\Users\JonEJet\Desktop\gmer.exe
[2012/05/30 17:00:20 | 000,302,592 | ---- | C] () -- C:\Users\JonEJet\Desktop\311zqyeh.exe
[2012/01/05 14:31:25 | 000,003,794 | -HS- | C] () -- C:\Users\JonEJet\AppData\Local\803rt48xt48a01113057goevuw1d832mjt5kv53124h
[2012/01/05 14:31:25 | 000,003,794 | -HS- | C] () -- C:\ProgramData\803rt48xt48a01113057goevuw1d832mjt5kv53124h
[2012/01/01 15:26:50 | 000,010,436 | -HS- | C] () -- C:\Users\JonEJet\AppData\Local\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
[2012/01/01 15:26:50 | 000,010,436 | -HS- | C] () -- C:\ProgramData\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
[2011/05/18 16:44:04 | 000,001,356 | ---- | C] () -- C:\Users\JonEJet\AppData\Local\d3d9caps.dat
[2011/05/14 20:51:30 | 000,011,324 | -HS- | C] () -- C:\Users\JonEJet\AppData\Local\6p74b12e5883bvnms7rio6x2hebdv36h
[2011/05/14 20:51:30 | 000,011,324 | -HS- | C] () -- C:\ProgramData\6p74b12e5883bvnms7rio6x2hebdv36h
[2011/01/30 04:50:10 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/30 04:50:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/28 12:48:12 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2010/12/28 12:48:09 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2010/12/28 12:48:06 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2010/12/28 12:48:04 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[2010/12/28 12:48:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2010/12/28 12:48:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2010/12/28 12:48:01 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2010/12/28 12:45:37 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDUPMON.DLL
[2010/12/28 12:45:37 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDUFXPU.DLL
[2010/12/28 12:45:15 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxduoem.dll
[2010/12/28 12:32:53 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2010/12/28 12:32:52 | 000,446,464 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2010/12/28 12:32:51 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2010/12/28 12:32:50 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2010/12/28 12:32:46 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2010/12/28 12:32:44 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2010/12/28 12:32:39 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2010/12/28 12:32:24 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2010/12/28 12:32:13 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2010/12/28 12:23:12 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxducoin.dll
[2010/12/28 12:22:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2010/12/28 12:22:08 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2010/12/28 12:22:06 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2010/10/12 21:44:13 | 000,000,282 | ---- | C] () -- C:\Users\JonEJet\AppData\Roaming\wklnhst.dat

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/05/30 17:00:22 | 000,302,592 | ---- | M] () -- C:\Users\JonEJet\Desktop\311zqyeh.exe
[2012/05/30 11:05:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\JonEJet\Desktop\aswMBR.exe
[2012/05/30 17:53:29 | 000,138,120 | ---- | M] (ESET) -- C:\Users\JonEJet\Desktop\ESETSirefefRemover.exe
[2012/06/01 12:26:37 | 016,339,280 | ---- | M] (Mozilla) -- C:\Users\JonEJet\Desktop\Firefox Setup 12.0.exe
[2012/05/30 09:46:03 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\JonEJet\Desktop\FixZeroAccess.exe
[2012/05/31 09:34:44 | 000,302,592 | ---- | M] () -- C:\Users\JonEJet\Desktop\gmer.exe
[2012/06/06 12:26:20 | 007,287,176 | ---- | M] (SurfRight B.V.) -- C:\Users\JonEJet\Desktop\HitmanPro36.exe
[2012/05/31 09:27:39 | 000,201,728 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTC.exe
[2012/06/01 10:16:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JonEJet\Desktop\OTL.exe
[2012/06/02 14:55:07 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Users\JonEJet\Desktop\OTLPEStd.exe
[2012/06/07 23:30:59 | 001,415,784 | ---- | M] () -- C:\Users\JonEJet\Desktop\yorkyt.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2012/06/06 11:50:58 | 000,117,728 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2012/06/06 11:50:57 | 000,113,120 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\maintenanceservice.exe
[2012/06/06 11:50:57 | 000,157,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
[2012/06/06 11:50:49 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2012/06/06 11:50:45 | 000,265,184 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2012/06/09 09:21:56 | 000,003,568 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/09 09:21:56 | 000,003,568 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012/02/08 23:50:41 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/05/31 21:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon
[2012/06/01 11:45:11 | 000,000,000 | ---D | M] -- C:\Program Files\Amazon Browser Bar
[2009/06/16 21:25:27 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2012/02/08 23:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2012/06/08 01:07:06 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/08/12 19:25:54 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2012/05/29 11:27:30 | 000,000,000 | ---D | M] -- C:\Program Files\Free Download Manager
[2011/08/12 19:26:10 | 000,000,000 | ---D | M] -- C:\Program Files\Garmin
[2010/02/01 23:00:31 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012/01/12 16:34:10 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2007/11/06 18:22:40 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/06/15 10:13:04 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/11/06 19:13:21 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2007/11/06 18:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2012/06/04 15:50:01 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/12/28 12:53:16 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark 5600-6600 Series
[2010/12/28 12:40:07 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Printable Web
[2011/06/10 12:10:08 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Toolbar
[2010/12/28 12:44:54 | 000,000,000 | ---D | M] -- C:\Program Files\Lexmark Tools for Office
[2010/10/14 17:39:04 | 000,000,000 | ---D | M] -- C:\Program Files\Linksys
[2007/11/06 18:33:44 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2012/05/27 10:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2007/11/06 18:25:23 | 000,000,000 | ---D | M] -- C:\Program Files\Marvell
[2012/06/08 01:31:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2012/02/15 04:02:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Application Virtualization Client
[2011/01/30 04:46:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2011/01/28 17:30:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/05/14 16:22:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/01/30 04:35:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/03/16 19:42:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2011/02/01 04:03:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/01/30 07:34:14 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/06/06 11:51:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/06/06 12:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/01/28 15:07:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Toolbar Installer
[2007/11/06 17:06:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/08/26 11:38:04 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Confidential
[2011/04/02 12:29:50 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2007/11/06 18:48:22 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2008/05/05 17:37:36 | 000,000,000 | ---D | M] -- C:\Program Files\PortalPlayer
[2009/06/16 21:29:47 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/02/01 23:02:24 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/11/06 18:27:19 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2007/12/11 17:38:23 | 000,000,000 | ---D | M] -- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/05/05 19:35:15 | 000,000,000 | ---D | M] -- C:\Program Files\Sirius
[2011/10/08 17:34:20 | 000,000,000 | ---D | M] -- C:\Program Files\StreamTorrent 1.0
[2007/11/06 18:30:50 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2007/12/11 17:46:36 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
[2007/11/06 18:46:35 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA Games
[2007/11/06 18:49:57 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba Registration
[2007/11/06 19:09:41 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2006/11/02 09:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2010/10/03 13:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2012/02/08 23:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2011/01/28 17:02:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2011/01/28 17:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2011/01/28 17:02:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011/01/28 17:02:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2011/06/15 09:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2007/11/06 19:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2011/01/30 07:34:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 08:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011/01/28 17:02:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2012/02/08 23:59:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar

< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Users\JonEJet\AppData\Roaming\FixZeroAccess\Archive\agp440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Users\JonEJet\AppData\Roaming\FixZeroAccess\Archive\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\ERDNT\cache\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/05/04 09:49:03 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/05/04 09:49:03 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/05/04 09:49:01 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/11 02:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/19 00:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Users\JonEJet\AppData\Roaming\FixZeroAccess\Archive\disk.sys
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2008/01/19 00:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\drivers\disk.sys
[2008/01/19 00:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/19 00:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\ERDNT\cache\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/05/04 09:52:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/05/04 09:52:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008/01/19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008/01/19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Users\JonEJet\AppData\Roaming\FixZeroAccess\Archive\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008/01/19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: USERINIT.EXE >
[2008/01/19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-05 13:24:30

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/06 11:50:49 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/06 11:50:49 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/06 11:50:49 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 00:33:14 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 00:33:14 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 00:33:14 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/21 11:02:30 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/06 11:50:49 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/06 11:50:49 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/06 11:50:49 | 000,867,032 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/06 11:50:57 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/05/22 21:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 00:33:14 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 00:33:14 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 00:33:14 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/21 11:02:30 | 000,634,648 | ---- | M] (Microsoft Corporation)

< End of report >


OTL Extras logfile created on: 6/9/2012 9:38:10 AM - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\JonEJet\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.90% Memory free
4.21 Gb Paging File | 3.23 Gb Available in Paging File | 76.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 61.66 Gb Free Space | 55.89% Space Free | Partition Type: NTFS

Computer Name: JONEJET-PC | User Name: JonEJet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2447DB17-6CC9-4DBB-9298-026B2DDA45EE}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{25BD501E-B405-4B48-838B-DD25AE2AF059}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxamon.exe |
"{26518CFE-9CE2-49C8-AE54-D7A2C2B3B638}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{38F8A755-3E1F-43D4-9141-376233BCC8C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5C32D627-1E72-410C-B2F3-562D1F0E294D}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxdufax.exe |
"{71ECD802-6562-4FEE-ACBC-741DEA13F8FF}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{77829111-34B6-43EA-AFA5-72475BD78900}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"{7DFFF146-EE4A-4EB0-9D2B-66D537D57B80}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\lxdxamon.exe |
"{9FD94F2D-D752-449C-B466-07D3BB0B4517}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A9215425-B487-4306-9D9B-40AC6659D120}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C2F6BA3F-C134-43C3-A01A-FE96791A1246}" = protocol=17 | dir=in | app=c:\program files\lexmark 5600-6600 series\frun.exe |
"{CFDDE38F-C02E-4441-BFD2-CAB0633A333E}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{D49387A8-BD63-4F79-A385-62518E2A506A}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
"{E316697D-A1ED-4E07-BEDF-64003F62C1A9}" = protocol=17 | dir=in | app=c:\program files\lexmark 3600-4600 series\frun.exe |
"{E3D73938-4557-4DC0-A310-443F2EAC447F}" = protocol=6 | dir=in | app=c:\program files\lexmark 3600-4600 series\frun.exe |
"{F76F6717-C16A-4B8B-80B0-24CAB61ECC15}" = protocol=6 | dir=in | app=c:\program files\lexmark 5600-6600 series\lxduamon.exe |
"TCP Query User{3FCA655C-45AE-461D-BBCF-3F95CE892613}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{69DDF96B-2D18-4BB4-998A-326CE5B56FAD}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{C48F8405-2F3F-4D94-A288-F548F42473A4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{424773F9-B3AA-4192-978F-AC3BB73E7314}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{6A563AA0-B05B-479F-AC12-E4486E278E2E}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{8244CF82-7AC0-430D-9F70-5210840BC2A1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BF493FC0-48B9-45C1-A482-EF04813926BB}" = Point 6.2
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa2" = Picasa 2
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.93
"StreamTorrent 1.0" = StreamTorrent 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Veetle TV" = Veetle TV 0.9.18
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/1/2012 12:04:46 PM | Computer Name = JonEJet-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.45.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 97c Start Time: 01cd400fe4f99ea9 Termination Time: 0

Error - 6/1/2012 12:13:27 PM | Computer Name = JonEJet-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.45.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: c04 Start Time: 01cd4010b4c5d9a3 Termination Time: 15

Error - 6/1/2012 12:42:20 PM | Computer Name = JonEJet-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/2/2012 11:10:10 AM | Computer Name = JonEJet-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0061-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 6/2/2012 11:56:39 AM | Computer Name = JonEJet-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.45.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 12f0 Start Time: 01cd40d7d1371b70 Termination Time: 23

Error - 6/2/2012 12:02:29 PM | Computer Name = JonEJet-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.45.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 17bc Start Time: 01cd40d852e6e010 Termination Time: 51

Error - 6/2/2012 9:09:21 PM | Computer Name = JonEJet-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.45.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 4b8 Start Time: 01cd4124b8a48670 Termination Time: 12

Error - 6/2/2012 11:40:57 PM | Computer Name = JonEJet-PC | Source = EventSystem | ID = 4609
Description =

Error - 6/3/2012 3:12:34 PM | Computer Name = JonEJet-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 728 Start Time: 01cd41bc9860e322 Termination Time: 47

Error - 6/3/2012 3:13:07 PM | Computer Name = JonEJet-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.exe version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: a20 Start Time: 01cd41bcd49349a2 Termination Time: 31

[ System Events ]
Error - 6/8/2012 2:18:40 PM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/9/2012 9:04:51 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 6/9/2012 9:21:58 AM | Computer Name = JonEJet-PC | Source = HTTP | ID = 15016
Description =

Error - 6/9/2012 9:22:58 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/9/2012 9:22:58 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/9/2012 9:22:58 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/9/2012 9:22:58 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/9/2012 9:22:58 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/9/2012 9:22:58 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 6/9/2012 9:22:58 AM | Computer Name = JonEJet-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >

Re: Root Kit....Zero Access
I've been out two days without www :p

Let's remove some malware folders with OTL.

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:

:files
C:\Users\JonEJet\AppData\Local\803rt48xt48a01113057goevuw1d832mjt5kv53124h
C:\ProgramData\803rt48xt48a01113057goevuw1d832mjt5kv53124h
C:\Users\JonEJet\AppData\Local\6p74b12e5883bvnms7rio6x2hebdv36h
C:\ProgramData\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
C:\Users\JonEJet\AppData\Local\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8
C:\ProgramData\6p74b12e5883bvnms7rio6x2hebdv36h

  • CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
  • If it asks to reboot the computer, please allow that.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)


Can you run another MBAM scan?

Re: Root Kit....Zero Access
========== FILES ==========
C:\Users\JonEJet\AppData\Local\803rt48xt48a01113057goevuw1d832mjt5kv53124h moved successfully.
C:\ProgramData\803rt48xt48a01113057goevuw1d832mjt5kv53124h moved successfully.
C:\Users\JonEJet\AppData\Local\6p74b12e5883bvnms7rio6x2hebdv36h moved successfully.
C:\ProgramData\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8 moved successfully.
C:\Users\JonEJet\AppData\Local\fpk18br42an2tvtfyeyk138704u0rks424n13aikjo8 moved successfully.
C:\ProgramData\6p74b12e5883bvnms7rio6x2hebdv36h moved successfully.

OTL by OldTimer - Version 3.2.45.0 log created on 06102012_144848

Re: Root Kit....Zero Access
OK - you are still being redirected?

Re: Root Kit....Zero Access
Glad you're back Hooray!


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.05.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
JonEJet :: JONEJET-PC [administrator]

6/10/2012 2:50:50 PM
mbam-log-2012-06-10 (14-50-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197961
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
